Windows Analysis Report
PropostaOrcamentoPdf.msi

Overview

General Information

Sample name: PropostaOrcamentoPdf.msi
Analysis ID: 1591064
MD5: 161dc4dab13372653178ee20e4425617
SHA1: 84afb549c3f546e10fcda181190e1adceb519076
SHA256: 678e3da3b697049b132b3bde032437d99675ce85f7cba594aaac0d93927ce971

Detection

AteraAgent
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected AteraAgent
AI detected suspicious sample
Creates files in the system32 config directory
Installs Task Scheduler Managed Wrapper
Loading BitLocker PowerShell Module
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Sample is not signed and drops a device driver
Sigma detected: Potential PowerShell Command Line Obfuscation
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores large binary data to the registry
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found

Classification

  • System is w10x64
  • msiexec.exe (PID: 6720 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PropostaOrcamentoPdf.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 3540 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6508 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding B34153CDE5D0C02494ABF2A25FF83C1C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 2300 cmdline: rundll32.exe "C:\Windows\Installer\MSI1620.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5707390 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 2872 cmdline: rundll32.exe "C:\Windows\Installer\MSI1BDE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5708812 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 2656 cmdline: rundll32.exe "C:\Windows\Installer\MSI2E00.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5713437 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7288 cmdline: rundll32.exe "C:\Windows\Installer\MSI4A38.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5720687 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 7064 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 76C5016BCD6723C10255D2DE20E244D9 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • net.exe (PID: 368 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 5880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 5164 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • taskkill.exe (PID: 3536 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 1404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AteraAgent.exe (PID: 6524 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="orcamentos96@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000PPQvXIAX" /AgentId="374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3" MD5: 477293F80461713D51A98A24023D45E8)
    • msiexec.exe (PID: 2804 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 7482BF808364957C1D679E43E52AA945 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 3788 cmdline: rundll32.exe "C:\Windows\Installer\MSIA90D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5810546 37 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 876 cmdline: rundll32.exe "C:\Windows\Installer\MSIADE0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5811859 41 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 5876 cmdline: rundll32.exe "C:\Windows\Installer\MSICD60.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5819796 46 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)
      • net.exe (PID: 6328 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 7092 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • taskkill.exe (PID: 5252 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 2736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 6808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • net.exe (PID: 1880 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 7348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AteraAgent.exe (PID: 6876 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u MD5: 477293F80461713D51A98A24023D45E8)
  • AteraAgent.exe (PID: 6816 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 7172 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 7184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 7748 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "31fd3e86-7595-463e-92f6-60c24bb7aa8c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPQvXIAX MD5: 9D8D50D2789C2A8D847D7953518A96F6)
      • conhost.exe (PID: 7772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 7764 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "3634c52b-6d9d-4510-b9da-41a474bfadc9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPQvXIAX MD5: 9D8D50D2789C2A8D847D7953518A96F6)
      • conhost.exe (PID: 7780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 6524 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "3d5dc085-b6e7-4fa2-ab3b-75d4e067138f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000PPQvXIAX MD5: 9D8D50D2789C2A8D847D7953518A96F6)
      • conhost.exe (PID: 7236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7280 cmdline: "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) { return } # Architecture x64 $Arch = (Get-CimInstance -Class CIM_ComputerSystem).SystemType $ArchValue = 'x64-based PC' if ($Arch -ne $ArchValue) { $IsCompatible = $false } # Screen Resolution $ScreenInfo = (Get-CimInstance -ClassName Win32_VideoController).CurrentVerticalResolution $ValueMin = 720 if ($ScreenInfo -le $ValueMin) { $IsCompatible = $false } # CPU composition $Core = (Get-CimInstance -Class CIM_Processor | Select-Object *).NumberOfCores $CoreValue = 2 $Frequency = (Get-CimInstance -Class CIM_Processor | Select-Object *).MaxClockSpeed $FrequencyValue = 1000 if (-not (($Core -ge $CoreValue) -and ($Frequency -ge $FrequencyValue))) { $IsCompatible = $false } # TPM $TPM2 = $false if ((Get-Tpm).ManufacturerVersionFull20) { $TPM2 = -not (Get-Tpm).ManufacturerVersionFull20.Contains('not supported') } if ($TPM2 -contains $false) { $IsCompatible = $false } # Secure Boot $SecureBoot = Confirm-SecureBootUEFI if ($SecureBoot -ne $true) { $IsCompatible = $false } # RAM available $Memory = (Get-CimInstance -Class CIM_ComputerSystem).TotalPhysicalMemory $SetMinMemory = 4294967296 if ($Memory -lt $SetMinMemory) { $IsCompatible = $false } # Storage available $ListDisk = Get-CimInstance -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq '3' } $SetMinSizeLimit = 64GB $DiskCompatible = $false foreach ($Disk in $ListDisk) { if ($Disk.FreeSpace -ge $SetMinSizeLimit) { $DiskCompatible = $true } } if (-not $DiskCompatible) { $IsCompatible = $false } # Output final result $IsCompatible " MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 2540 cmdline: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cscript.exe (PID: 2704 cmdline: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
    • AgentPackageUpgradeAgent.exe (PID: 3552 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "11dde691-674b-4abc-a849-3026371a4444" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000PPQvXIAX MD5: E9794F785780945D2DDE78520B9BB59F)
      • conhost.exe (PID: 4632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • msiexec.exe (PID: 4616 cmdline: "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart MD5: E5DA170027542E25EDE42FC54C929077)
    • AgentPackageTicketing.exe (PID: 4036 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "d30aea16-8ebf-49ba-8534-a09d49b9b6b8" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000PPQvXIAX MD5: 2EC1D28706B9713026E8C6814E231D7C)
      • conhost.exe (PID: 4916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageSTRemote.exe (PID: 2996 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "25a609e0-48c4-43ea-ab9f-0e5ee31d888e" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000PPQvXIAX MD5: 67FEF41237025021CD4F792E8C24E95A)
      • conhost.exe (PID: 5904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • AgentPackageUpgradeAgent.exe (PID: 6908 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun MD5: E9794F785780945D2DDE78520B9BB59F)
    • conhost.exe (PID: 6360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • sppsvc.exe (PID: 1244 cmdline: C:\Windows\system32\sppsvc.exe MD5: 320823F03672CEB82CC3A169989ABD12)
  • svchost.exe (PID: 6280 cmdline: C:\Windows\System32\svchost.exe -k smphost MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Windows\Temp\~DF0E56B4C9B4D5AEE1.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF61D0F85115295E76.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF1C7C7BE48FF98E07.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Config.Msi\5714e6.rbs | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source | Rule | Description | Author | Strings
00000036.00000002.3463290327.00007FFD342D0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000014.00000002.2961435509.000001428DDB0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000001D.00000002.3142586290.00000193CD440000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000002B.00000000.3303535329.000001F340852000.00000002.00000001.01000000.00000025.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000D.00000002.2353618442.000001E3759A5000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

System Summary

Source: Process started, Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) { return } # Architecture x64 $Arch = (Get-CimInstance -Class CIM_ComputerSystem).SystemType $ArchValue = 'x64-based PC' if ($Arch -ne $ArchValue) { $IsCompatible = $false } # Screen Resolution $ScreenInfo = (Get-CimInstance -ClassName Win32_VideoController).CurrentVerticalResolution $ValueMin = 720 if ($ScreenInfo -le $ValueMin) { $IsCompatible = $false } # CPU composition $Core = (Get-CimInstance -Class CIM_Processor | Select-Object *).NumberOfCores $CoreValue = 2 $Frequency = (Get-CimInstance -Class CIM_Processor | Select-Object *).MaxClockSpeed $FrequencyValue = 1000 if (-not (($Core -ge $CoreValue) -and ($Frequency -ge $FrequencyValue))) { $IsCompatible = $false } # TPM $TPM2 = $false if ((Get-Tpm).ManufacturerVersionFull20) { $TPM2 = -not (Get-Tpm).ManufacturerVersionFull20.Contains('not supported') } if ($TPM2 -contains $false) { $IsCompatible = $false } # Secure Boot $SecureBoot = Confirm-SecureBootUEFI if ($SecureBoot -ne $true) { $IsCompatible = $false } # RAM available $Memory = (Get-CimInstance -Class CIM_ComputerSystem).TotalPhysicalMemory $SetMinMemory = 4294967296 if ($Memory -lt $SetMinMemory) { $IsCompatible = $false } # Storage available $ListDisk = Get-CimInstance -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq '3' } $SetMinSizeLimit = 64GB $DiskCompatible = $false foreach ($Disk in $ListDisk) { if ($Disk.FreeSpace -ge $SetMinSizeLimit) { $DiskCompatible = $true } } if (-not $DiskCompatible) { $IsCompatible = $false } # Output final result $IsCompatible ", CommandLine: "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) {
Source: Process started, Author: Michael Haag: Data: Command: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, CommandLine: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, CommandLine|base64offset|contains: r+, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2540, ParentProcessName: cmd.exe, ProcessCommandLine: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, ProcessId: 2704, ProcessName: cscript.exe
Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 76C5016BCD6723C10255D2DE20E244D9 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7064, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 368, ProcessName: net.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) { return } # Architecture x64 $Arch = (Get-CimInstance -Class CIM_ComputerSystem).SystemType $ArchValue = 'x64-based PC' if ($Arch -ne $ArchValue) { $IsCompatible = $false } # Screen Resolution $ScreenInfo = (Get-CimInstance -ClassName Win32_VideoController).CurrentVerticalResolution $ValueMin = 720 if ($ScreenInfo -le $ValueMin) { $IsCompatible = $false } # CPU composition $Core = (Get-CimInstance -Class CIM_Processor | Select-Object *).NumberOfCores $CoreValue = 2 $Frequency = (Get-CimInstance -Class CIM_Processor | Select-Object *).MaxClockSpeed $FrequencyValue = 1000 if (-not (($Core -ge $CoreValue) -and ($Frequency -ge $FrequencyValue))) { $IsCompatible = $false } # TPM $TPM2 = $false if ((Get-Tpm).ManufacturerVersionFull20) { $TPM2 = -not (Get-Tpm).ManufacturerVersionFull20.Contains('not supported') } if ($TPM2 -contains $false) { $IsCompatible = $false } # Secure Boot $SecureBoot = Confirm-SecureBootUEFI if ($SecureBoot -ne $true) { $IsCompatible = $false } # RAM available $Memory = (Get-CimInstance -Class CIM_ComputerSystem).TotalPhysicalMemory $SetMinMemory = 4294967296 if ($Memory -lt $SetMinMemory) { $IsCompatible = $false } # Storage available $ListDisk = Get-CimInstance -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq '3' } $SetMinSizeLimit = 64GB $DiskCompatible = $false foreach ($Disk in $ListDisk) { if ($Disk.FreeSpace -ge $SetMinSizeLimit) { $DiskCompatible = $true } } if (-not $DiskCompatible) { $IsCompatible = $false } # Output final result $IsCompatible ", CommandLine: "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) {
Source: Process started, Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 76C5016BCD6723C10255D2DE20E244D9 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7064, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 368, ProcessName: net.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k smphost, CommandLine: C:\Windows\System32\svchost.exe -k smphost, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k smphost, ProcessId: 6280, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: 5714df.rbf (copy), ReversingLabs: Detection: 26%
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, ReversingLabs: Detection: 26%
Source: PropostaOrcamentoPdf.msi, Virustotal: Detection: 19%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.7% probability
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\ATERA Networks
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\ATERA Networks\AteraAgent
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.config
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.IsolatedStorage.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.ZipFile.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encodings.Web.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.FileVersionInfo.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Memory.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Ping.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Configuration.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Immutable.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\coreclr.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Web.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.Local.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Extensions.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Mail.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.DiagnosticSource.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Web.HttpUtility.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.Core.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Timer.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.HttpListener.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Primitives.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clretwrc.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.CSharp.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Claims.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.Linq.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.NETCore.App.runtimeconfig.json
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ObjectModel.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.NonGeneric.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.SecureString.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Extensions.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.FileSystem.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.DataContractSerialization.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Overlapped.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Thread.dll
Source: C:\Windows\System32\msiexec.exe, Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Process.dll
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.JavaScript.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tools.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.Vectors.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlDocument.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebHeaderCollection.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Buffers.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Uri.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.DataAnnotations.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XDocument.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.AccessControl.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Annotations.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TextWriterTraceListener.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.AccessControl.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Concurrent.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceProcess.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Debug.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.Client.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Queryable.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Calendars.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Expressions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Dataflow.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Json.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Loader.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NetworkInformation.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Parallel.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Console.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Parallel.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceModel.Web.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.Common.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.ReaderWriter.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordbi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Json.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.ResourceManager.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.DriveInfo.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Csp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.Windows.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.Unsafe.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlSerializer.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.ILGeneration.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Brotli.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebProxy.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Watcher.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.VisualC.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Xml.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Windows.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorlib.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Specialized.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Sockets.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Reader.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ValueTuple.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.MemoryMappedFiles.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.XDocument.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Security.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.Extensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Asn1.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NameResolution.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.StackTrace.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.DiaSymReader.Native.amd64.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\hostpolicy.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.ServicePoint.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\WindowsBase.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrjit.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore_amd64_amd64_8.0.1124.51707.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.ThreadPool.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Intrinsics.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Quic.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Channels.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Metadata.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.AppContext.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Dynamic.Runtime.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Tar.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.Json.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tracing.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Extensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.TypeConverter.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Native.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.CoreLib.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Cng.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.UnmanagedMemoryStream.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.DataSetExtensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebClient.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.EventBasedAsync.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Algorithms.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Handles.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.RegularExpressions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Registry.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\createdump.exeJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Formatters.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.AccessControl.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.Lightweight.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorrc.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.CodePages.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\.versionJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Extensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Numerics.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Requests.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.TypeExtensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.DispatchProxy.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Serialization.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Writer.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TraceSource.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.NETCore.App.deps.jsonJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Encoding.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Core.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.X509Certificates.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Contracts.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.OpenSsl.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Linq.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrgc.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\msquic.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\hostJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxrJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr\8.0.11Jump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\dotnet.exeJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\LICENSE.txtJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\ThirdPartyNotices.txtJump to behavior
                      Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\AteraSetupLog.txt
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista\license.txt
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\license.txt
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp\license.txt
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp64\license.txt
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\dotnet\LICENSE.txt
                      Source: C:\Windows\System32\msiexec.exe File opened: z:
                      Source: C:\Windows\System32\msiexec.exe File opened: x:
                      Source: C:\Windows\System32\msiexec.exe File opened: v:
                      Source: C:\Windows\System32\msiexec.exe File opened: t:
                      Source: C:\Windows\System32\msiexec.exe File opened: r:
                      Source: C:\Windows\System32\msiexec.exe File opened: p:
                      Source: C:\Windows\System32\msiexec.exe File opened: n:
                      Source: C:\Windows\System32\msiexec.exe File opened: l:
                      Source: C:\Windows\System32\msiexec.exe File opened: j:
                      Source: C:\Windows\System32\msiexec.exe File opened: h:
                      Source: C:\Windows\System32\msiexec.exe File opened: f:
                      Source: C:\Windows\System32\msiexec.exe File opened: b:
                      Source: C:\Windows\System32\msiexec.exe File opened: y:
                      Source: C:\Windows\System32\msiexec.exe File opened: w:
                      Source: C:\Windows\System32\msiexec.exe File opened: u:
                      Source: C:\Windows\System32\msiexec.exe File opened: s:
                      Source: C:\Windows\System32\msiexec.exe File opened: q:
                      Source: C:\Windows\System32\msiexec.exe File opened: o:
                      Source: C:\Windows\System32\msiexec.exe File opened: m:
                      Source: C:\Windows\System32\msiexec.exe File opened: k:
                      Source: C:\Windows\System32\msiexec.exe File opened: i:
                      Source: C:\Windows\System32\msiexec.exe File opened: g:
                      Source: C:\Windows\System32\msiexec.exe File opened: e:
                      Source: C:\Windows\System32\cscript.exe File opened: c:
                      Source: C:\Windows\System32\msiexec.exe File opened: a:
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation

                      Networking

                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 40.119.152.241 443
                      Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                      Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dll, type: DROPPED
                      Source: Yara match File source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dll, type: DROPPED
                      Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
                      Source: Yara match File source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dll, type: DROPPED
                      Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll, type: DROPPED
                      Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll, type: DROPPED
                      Source: Yara match File source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dll, type: DROPPED
                      Source: Yara match File source: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\choco.exe, type: DROPPED
                      Source: Joe Sandbox View IP Address: 40.119.152.241
                      Source: Joe Sandbox View IP Address: 13.35.58.89
                      Source: Joe Sandbox View IP Address: 35.157.63.228
                      Source: Joe Sandbox View ASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS
                      Source: AteraAgent.exe, 0000000D.00000002.2348889319.000001E3000BA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2353618442.000001E3759B3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2352895888.000001E375780000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A6C6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.00000259728F9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A734000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A5DF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3515611035.0000025972ED5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A72A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A720000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A698000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A628000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A686000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A73A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595AB2D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A79E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A714000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 
0000000E.00000002.3417755880.000002595A81B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A82F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595AB37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                      Source: AteraAgent.exe, 0000000D.00000002.2352895888.000001E37586C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlile
                      Source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2352895888.000001E375780000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3515611035.0000025972ED5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3515611035.0000025972E5F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A518000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.00000259729CB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3511757048.0000025972AAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000001F.00000002.3532491010.000001991C351000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000001F.00000002.3532491010.000001991C34D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60C4D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60C52000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmp, PropostaOrcamentoPdf.msi, Pubnub.dll0.2.dr, 
SQLite.Interop.dll.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                      Source: AteraAgent.exe, 0000000E.00000002.3413329190.0000025959D15000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.000002597296A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.00000259729CB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3515611035.0000025972E55000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3511757048.0000025972AAA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.000002597296A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2963217297.000001428E820000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2961473498.000001A692279000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2962588687.000001A6928C6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3418631183.00000203E4609000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.3144210962.00000193CE114000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550578996.0000019934A0A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000001F.00000002.3524990505.000001991B91D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000001F.00000002.3532491010.000001991C351000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000001F.00000002.3532491010.000001991C34D000.00000004.00000800.00020000.00000000.sdmp, cscript.exe, 00000025.00000003.3290324306.00000273268FC000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000025.00000002.3295115484.000002732692F000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000025.00000003.3292370782.000002732692F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000002.3339532095.00000000029CF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageTicketing.exe, 0000002B.00000002.4427503164.000001F359A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.00000259728F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.000002597296A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlY
                      Source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmp, PropostaOrcamentoPdf.msi, 5714e7.msi.2.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
                      Source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.000002597296A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/l
                      Source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmp, PropostaOrcamentoPdf.msi, 5714e7.msi.2.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                      Source: AteraAgent.exe, 0000000D.00000002.2352895888.000001E37584E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                      Source: AteraAgent.exe, 0000000E.00000002.3515611035.0000025972E40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedRootG4.crlG
                      Source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmp, PropostaOrcamentoPdf.msi, 5714e7.msi.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                      Source: AteraAgent.exe, 0000000D.00000002.2352895888.000001E375780000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2352895888.000001E37586C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2352895888.000001E37582F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A82F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3413329190.0000025959D15000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A518000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.000002597296A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                      Source: AteraAgent.exe, 0000000D.00000002.2348889319.000001E3000BA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2353618442.000001E3759B3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2352895888.000001E375780000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A6C6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.00000259728F9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A734000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A5DF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3515611035.0000025972ED5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A72A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A720000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A698000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A628000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A686000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A73A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595AB2D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A79E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A714000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 
0000000E.00000002.3417755880.000002595A81B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595AB37000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A748000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl8
                      Source: AteraAgent.exe, 0000000D.00000002.2352895888.000001E37586C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlCbw
                      Source: AteraAgent.exe, 0000000D.00000002.2352895888.000001E375780000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlg
                      Source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmp, PropostaOrcamentoPdf.msi, 5714e7.msi.2.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
                      Source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
                      Source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmp, PropostaOrcamentoPdf.msi, 5714e7.msi.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                      Source: AteraAgent.exe, 0000000D.00000002.2352895888.000001E37584E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                      Source: AteraAgent.exe, 0000000E.00000002.3413329190.0000025959D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
                      Source: AteraAgent.exe, 0000000E.00000002.3413329190.0000025959D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/H.
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.000002597299E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.00000259728F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: AteraAgent.exe, 0000000E.00000002.3515611035.0000025972E8F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3511757048.0000025972AAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                      Source: AteraAgent.exe, 0000000E.00000002.3511757048.0000025972AAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?09d3163
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.000002597299E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3511757048.0000025972AAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?11d1cfb
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.00000259728F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bead349
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.0000025972947000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cabS
                      Source: AteraAgent.exe, 0000000E.00000002.3515611035.0000025972E40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?09d3
                      Source: AteraAgent.exe, 0000000E.00000002.3515611035.0000025972E40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?11d1
                      Source: AgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://d17kmd0va0f0mp.cloudfront.net
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A992000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A9EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://d25btwd9wax8gu.cloudfront.net
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.00000259729CB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.2938372246.000001428DCF2000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.14.drString found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
                      Source: AgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://download.splashtop.com
                      Source: Newtonsoft.Json.dll1.14.drString found in binary or memory: http://james.newtonking.com/projects/json
                      Source: AgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60BF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://my.splashtop.com
                      Source: powershell.exe, 0000001D.00000002.3185668768.00000193DE36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digice
                      Source: AteraAgent.exe, 0000000E.00000002.3508650457.000002597299E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com
                      Source: AteraAgent.exe, 0000000D.00000002.2352895888.000001E375807000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2352895888.000001E37586C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3515611035.0000025972E5F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3413329190.0000025959D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
                      Source: AteraAgent.exe, 0000000E.00000002.3511757048.0000025972AAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                      Source: AteraAgent.exe, 0000000D.00000002.2348889319.000001E3000BA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2353618442.000001E3759B3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2352895888.000001E375780000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A6C6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.00000259728F9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A734000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A5DF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3515611035.0000025972ED5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A72A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A720000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A698000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A628000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A686000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A73A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595AB2D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A79E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A714000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 
0000000E.00000002.3417755880.000002595A81B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A82F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595AB37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                      Source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.00000259728F9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3515611035.0000025972ED5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A518000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.00000259729CB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3515611035.0000025972E55000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3511757048.0000025972AAA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.000002597296A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2963217297.000001428E8C4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2963217297.000001428E820000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2961473498.000001A692279000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2962588687.000001A6928C6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3418631183.00000203E4609000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.3144210962.00000193CE114000.00000004.00000020.00020000.00000000.sdmp, 
                      Source: powershell.exe, 0000001D.00000002.3185668768.00000193DE36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                      Source: powershell.exe, 0000001D.00000002.3185668768.00000193DE36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                      Source: powershell.exe, 0000001D.00000002.3185668768.00000193DE36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                      Source: stvideo.dll.2.dr, XDColMan.dll.2.drString found in binary or memory: https://d.symcb.com/cps0%
                      Source: stvideo.dll.2.dr, XDColMan.dll.2.drString found in binary or memory: https://d.symcb.com/rpa0
                      Source: Microsoft.ApplicationInsights.dll.14.drString found in binary or memory: https://dc.services.visualstudio.com/Jhttps://rt.services.visualstudio.com/Fhttps://profiler.monitor
                      Source: Microsoft.ApplicationInsights.dll.14.drString found in binary or memory: https://dc.services.visualstudio.com/api/profiles/
                      Source: Microsoft.ApplicationInsights.dll.14.drString found in binary or memory: https://dc.services.visualstudio.com/f
                      Source: AgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://download.splashtop.com
                      Source: AgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60B36000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60C52000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://download.splashtop.com/csrs/Splashtop_Streamer_Win_DEPLOY_INSTALLER_v3.7.2.4.exe
                      Source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3506223685.00000259726C0000.00000002.00000001.01000000.0000002D.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2962840526.000001428E772000.00000002.00000001.01000000.00000019.sdmp, AgentPackageUpgradeAgent.exe, 00000021.00000002.3384490162.000002A4E2DA2000.00000002.00000001.01000000.0000002B.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll1.14.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                      Source: Microsoft.ApplicationInsights.dll.14.drString found in binary or memory: https://github.com/Microsoft/ApplicationInsights-dotnet
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CE52B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
                      Source: System.Runtime.CompilerServices.Unsafe.dll1.14.drString found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
                      Source: System.Security.Cryptography.OpenSsl.dll.2.dr, System.Security.AccessControl.dll.2.dr, System.Data.DataSetExtensions.dll.2.dr, System.Reflection.Primitives.dll.2.dr, System.Xml.XmlSerializer.dll.2.dr, System.Runtime.Serialization.Json.dll.2.dr, System.IO.UnmanagedMemoryStream.dll.2.dr, System.Reflection.TypeExtensions.dll.2.drString found in binary or memory: https://github.com/dotnet/runtime
                      Source: AteraAgent.exe, 0000000E.00000002.3514996813.0000025972D52000.00000002.00000001.01000000.0000002E.sdmp, ICSharpCode.SharpZipLib.dll.31.drString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
                      Source: Microsoft.ApplicationInsights.dll.14.drString found in binary or memory: https://github.com/microsoft/ApplicationInsights-dotnet/issues/2560
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF183000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.3144833957.00000193D003E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                      Source: Microsoft.ApplicationInsights.dll.14.drString found in binary or memory: https://monitor.azure.com//.default
                      Source: AgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60B61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://my.splashtop.com
                      Source: AgentPackageSTRemote.exe, 0000002E.00000000.3343936509.0000021F600B2000.00000002.00000001.01000000.00000027.sdmpString found in binary or memory: https://my.splashtop.com/csrs/win
                      Source: powershell.exe, 0000001D.00000002.3185668768.00000193DE36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                      Source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3532491010.000001991C324000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000001F.00000002.3532491010.000001991C30B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net
                      Source: AgentPackageUpgradeAgent.exe, 0000001F.00000000.3190761319.000001991B802000.00000002.00000001.01000000.0000001C.sdmp, AgentPackageUpgradeAgent.exe, 0000001F.00000002.3532491010.000001991C30B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric
                      Source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3532491010.000001991C30B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric/MSI/1.8.7.2/Setupx64.msi
                      Source: AgentPackageUpgradeAgent.exe, 0000001F.00000000.3190761319.000001991B802000.00000002.00000001.01000000.0000001C.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric/MacAgent/1.0/AteraAgentInstaller.pkgA/
                      Source: AgentPackageUpgradeAgent.exe, 0000001F.00000000.3190761319.000001991B802000.00000002.00000001.01000000.0000001C.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric5Get
                      Source: Microsoft.ApplicationInsights.dll.14.drString found in binary or memory: https://profiler.monitor.azure.com/l
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.0000025959EC3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackageAgentI
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A03B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E59000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959ED3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A03B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959EC3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/38.8/AgentPackageAgentInformation
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageHeartbeat/17.11/AgentPackageHeartbeat.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageInternalPoller/13.0/AgentPackageInternalPoller.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/38.1/AgentPackageMonitoring.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959ED3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageOsUpdates/30.3/AgentPackageOsUpdates.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageProgramManagement/26.7/AgentPackageProgramManageme
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959ED3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/24.3/AgentPackageSTRemote.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSystemTools/27.12/AgentPackageSystemTools.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959ED3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTicketing/13.0/AgentPackageTicketing.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageUpgradeAgent/27.6/AgentPackageUpgradeAgent.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A03B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E59000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959ED3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A03B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zip?bjmegW
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip?bjmegWCVfc
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959EC3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959EBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.8/AgentPackageAgentInformati
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip?bjmegW
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip?bjme
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/38.1/AgentPackageMonitoring.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/38.1/AgentPackageMonitoring.zip?bjmeg
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959ED3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/30.3/AgentPackageOsUpdates.zip
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/30.3/AgentPackageOsUpdates.zip?bjmegWC
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/26.7/AgentPackageProgramManage
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959ED3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
                      Source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/24.3/AgentPackageSTRemote.zip

                      Spam, unwanted Advertisements and Ransom Demands

                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AlphaAgent
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AlphaAgent
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\stgamepad.sys
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-\AlphaControlAgentInstallation.dllJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-\Newtonsoft.Json.dllJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-\System.Management.dllJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-\CustomAction.configJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\AlphaControlAgentInstallation.dllJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\Newtonsoft.Json.dllJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\System.Management.dllJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\CustomAction.configJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2E00.tmp-
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2E00.tmp-\AlphaControlAgentInstallation.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2E00.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2E00.tmp-\Newtonsoft.Json.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2E00.tmp-\System.Management.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2E00.tmp-\CustomAction.config
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\InstallUtil.InstallLog
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI4A38.tmp-
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI4A38.tmp-\AlphaControlAgentInstallation.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI4A38.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI4A38.tmp-\Newtonsoft.Json.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI4A38.tmp-\System.Management.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI4A38.tmp-\CustomAction.config
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageUpgradeAgent.exe.log
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA90D.tmp-
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA90D.tmp-\AlphaControlAgentInstallation.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA90D.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA90D.tmp-\Newtonsoft.Json.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA90D.tmp-\System.Management.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA90D.tmp-\CustomAction.config
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIADE0.tmp-
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIADE0.tmp-\AlphaControlAgentInstallation.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIADE0.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIADE0.tmp-\Newtonsoft.Json.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIADE0.tmp-\System.Management.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIADE0.tmp-\CustomAction.config
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageTicketing.exe.log
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageSTRemote.exe.log
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICD60.tmp-
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICD60.tmp-\AlphaControlAgentInstallation.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICD60.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICD60.tmp-\Newtonsoft.Json.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICD60.tmp-\System.Management.dll
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICD60.tmp-\CustomAction.config
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AteraAgent.exe.log
                      Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI1620.tmp
                      Source: Joe Sandbox ViewDropped File: 5714df.rbf (copy) A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                      Source: System.Private.CoreLib.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.NameResolution.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Security.Cryptography.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Runtime.InteropServices.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.IO.FileSystem.DriveInfo.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Formats.Tar.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Threading.Tasks.Parallel.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.ComponentModel.TypeConverter.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Threading.Channels.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.Quic.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Collections.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.Security.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.WebClient.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Linq.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Console.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.Http.Json.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Reflection.Metadata.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Runtime.CompilerServices.VisualC.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Linq.Queryable.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Reflection.Emit.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.IO.MemoryMappedFiles.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Collections.Specialized.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Xml.XPath.XDocument.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.ComponentModel.EventBasedAsync.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Formats.Asn1.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.Sockets.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Data.Common.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Runtime.Serialization.Primitives.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.IO.Compression.Brotli.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Threading.Tasks.Dataflow.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.WebProxy.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.WebSockets.Client.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Text.Json.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Diagnostics.StackTrace.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.ComponentModel.Primitives.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.IO.FileSystem.Watcher.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.NetworkInformation.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.ServicePoint.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Linq.Expressions.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Linq.Parallel.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Security.Principal.Windows.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.IO.Pipes.dll.2.drStatic PE information: No import functions for PE file found
                      Source: System.Net.Primitives.dll.2.drStatic PE information: No import functions for PE file found
                      Source: PropostaOrcamentoPdf.msiBinary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs PropostaOrcamentoPdf.msi
                      Source: PropostaOrcamentoPdf.msiBinary or memory string: OriginalFilenameSfxCA.dll\ vs PropostaOrcamentoPdf.msi
                      Source: PropostaOrcamentoPdf.msiBinary or memory string: OriginalFilenamewixca.dll\ vs PropostaOrcamentoPdf.msi
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: Commandline size = 2930
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: Commandline size = 2930
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winMSI@93/975@0/11
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7772:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6464:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7780:120:WilError_03
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: NULL
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4632:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7236:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2736:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6360:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3544:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1404:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7184:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5880:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7348:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7608:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5904:120:WilError_03
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4916:120:WilError_03
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF37A9305ECBF11C13.TMP
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                      Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                      Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                      Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI1620.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5707390 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                      Source: SQLite.Interop.dll.14.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: SQLite.Interop.dll.14.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                      Source: SQLite.Interop.dll.14.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                      Source: SQLite.Interop.dll.14.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                      Source: 5714f5.msi.2.drBinary or memory string: SELECT `WixDependencyProvider`.`WixDependencyProvider`, `WixDependencyProvider`.`Component_`, `WixDependencyProvider`.`ProviderKey`, `WixDependencyProvider`.`Attributes` FROM `WixDependencyProvider`SELECT `WixDependency`.`WixDependency`, `WixDependencyProvider`.`Component_`, `WixDependency`.`ProviderKey`, `WixDependency`.`MinVersion`, `WixDependency`.`MaxVersion`, `WixDependency`.`Attributes` FROM `WixDependencyProvider`, `WixDependency`, `WixDependencyRef` WHERE `WixDependency`.`WixDependency` = `WixDependencyRef`.`WixDependency_` AND `WixDependencyProvider`.`WixDependencyProvider` = `WixDependencyRef`.`WixDependencyProvider_`WixDependencyRequireFailed to initialize.Failed to initialize the registry functions.ALLUSERSFailed to ensure required dependencies for (re)installing components.WixDependencyCheckFailed to ensure absent dependents for uninstalling components.WixDependencySkipping the dependency check since no dependencies are authored.Failed to check if the WixDependency table exists.Failed to initialize the unique dependency string list.Failed to open the query view for dependencies.Failed to get WixDependency.WixDependency.Failed to get WixDependencyProvider.Component_.Skipping dependency check for %ls because the component %ls is not being (re)installed.Failed to get WixDependency.ProviderKey.Failed to get WixDependency.MinVersion.Failed to get WixDependency.MaxVersion.Failed to get WixDependency.Attributes.Failed dependency check for %ls.Failed to enumerate all of the rows in the dependency query view.Failed to create the dependency record for message %d.Unexpected message response %d from user or bootstrapper application.Failed to get the ignored dependents.ALLFailed to check if "ALL" was set in IGNOREDEPENDENCIES.Skipping the dependencies check since IGNOREDEPENDENCIES contains "ALL".WixDependencyProviderSkipping the dependents check since no dependency providers are authored.Failed 
to check if the WixDependencyProvider table exists.Failed to open the query view for dependency providers.Failed to get WixDependencyProvider.WixDependencyProvider.Failed to get WixDependencyProvider.Component.Skipping dependents check for %ls because the component %ls is not being uninstalled.Failed to get WixDependencyProvider.ProviderKey.Failed to get WixDependencyProvider.Attributes.Failed dependents check for %ls.Failed to enumerate all of the rows in the dependency provider query view.;IGNOREDEPENDENCIESFailed to get the string value of the IGNOREDEPENDENCIES property.Failed to create the string dictionary.Failed to ignored dependency "%ls" to the string dictionary.d:\a\_work\1\s\src\ext\dependencyextension\ca\wixdepca.cppNot enough memory to create the message record.Failed to set the message identifier into the message record.Failed to set the number of dependencies into the message record.The dependency "%ls" is missing or is not the required version.Found dependent "%ls", name: "%ls".Failed to set the dependency key "%ls" into the message record
                      Source: SQLite.Interop.dll.14.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                      Source: SQLite.Interop.dll.14.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                      Source: SQLite.Interop.dll.14.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                      Source: PropostaOrcamentoPdf.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
                      Source: PropostaOrcamentoPdf.msiVirustotal: Detection: 19%
                      Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PropostaOrcamentoPdf.msi"
                      Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B34153CDE5D0C02494ABF2A25FF83C1C
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI1620.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5707390 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI1BDE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5708812 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI2E00.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5713437 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 76C5016BCD6723C10255D2DE20E244D9 E Global\MSI0000
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                      Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                      Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="orcamentos96@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000PPQvXIAX" /AgentId="374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3"
                      Source: unknownProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                      Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI4A38.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5720687 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "31fd3e86-7595-463e-92f6-60c24bb7aa8c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "3634c52b-6d9d-4510-b9da-41a474bfadc9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "3d5dc085-b6e7-4fa2-ab3b-75d4e067138f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) { return } # Architecture x64 $Arch = (Get-CimInstance -Class CIM_ComputerSystem).SystemType $ArchValue = 'x64-based PC' if ($Arch -ne $ArchValue) { $IsCompatible = $false } # Screen Resolution $ScreenInfo = (Get-CimInstance -ClassName Win32_VideoController).CurrentVerticalResolution $ValueMin = 720 if ($ScreenInfo -le $ValueMin) { $IsCompatible = $false } # CPU composition $Core = (Get-CimInstance -Class CIM_Processor | Select-Object *).NumberOfCores $CoreValue = 2 $Frequency = (Get-CimInstance -Class CIM_Processor | Select-Object *).MaxClockSpeed $FrequencyValue = 1000 if (-not (($Core -ge $CoreValue) -and ($Frequency -ge $FrequencyValue))) { $IsCompatible = $false } # TPM $TPM2 = $false if ((Get-Tpm).ManufacturerVersionFull20) { $TPM2 = -not (Get-Tpm).ManufacturerVersionFull20.Contains('not supported') } if ($TPM2 -contains $false) { $IsCompatible = $false } # Secure Boot $SecureBoot = Confirm-SecureBootUEFI if ($SecureBoot -ne $true) { $IsCompatible = $false } # RAM available $Memory = (Get-CimInstance -Class CIM_ComputerSystem).TotalPhysicalMemory $SetMinMemory = 4294967296 if ($Memory -lt $SetMinMemory) { $IsCompatible = $false } # Storage available $ListDisk = Get-CimInstance -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq '3' } $SetMinSizeLimit = 64GB $DiskCompatible = $false foreach ($Disk in $ListDisk) { if 
($Disk.FreeSpace -ge $SetMinSizeLimit) { $DiskCompatible = $true } } if (-not $DiskCompatible) { $IsCompatible = $false } # Output final result $IsCompatible "
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "11dde691-674b-4abc-a849-3026371a4444" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                      Source: unknownProcess created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess created: C:\Windows\System32\msiexec.exe "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7482BF808364957C1D679E43E52AA945 E Global\MSI0000
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIA90D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5810546 37 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIADE0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5811859 41 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "d30aea16-8ebf-49ba-8534-a09d49b9b6b8" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k smphost
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "25a609e0-48c4-43ea-ab9f-0e5ee31d888e" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSICD60.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5819796 46 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                      Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                      Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                      Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) { return } # Architecture x64 $Arch = (Get-CimInstance -Class CIM_ComputerSystem).SystemType $ArchValue = 'x64-based PC' if ($Arch -ne $ArchValue) { $IsCompatible = $false } # Screen Resolution $ScreenInfo = (Get-CimInstance -ClassName Win32_VideoController).CurrentVerticalResolution $ValueMin = 720 if ($ScreenInfo -le $ValueMin) { $IsCompatible = $false } # CPU composition $Core = (Get-CimInstance -Class CIM_Processor | Select-Object *).NumberOfCores $CoreValue = 2 $Frequency = (Get-CimInstance -Class CIM_Processor | Select-Object *).MaxClockSpeed $FrequencyValue = 1000 if (-not (($Core -ge $CoreValue) -and ($Frequency -ge $FrequencyValue))) { $IsCompatible = $false } # TPM $TPM2 = $false if ((Get-Tpm).ManufacturerVersionFull20) { $TPM2 = -not (Get-Tpm).ManufacturerVersionFull20.Contains('not supported') } if ($TPM2 -contains $false) { $IsCompatible = $false } # Secure Boot $SecureBoot = Confirm-SecureBootUEFI if ($SecureBoot -ne $true) { $IsCompatible = $false } # RAM available $Memory = (Get-CimInstance -Class CIM_ComputerSystem).TotalPhysicalMemory $SetMinMemory = 4294967296 if ($Memory -lt $SetMinMemory) { $IsCompatible = $false } # Storage available $ListDisk = Get-CimInstance -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq '3' } $SetMinSizeLimit = 64GB $DiskCompatible = 
$false foreach ($Disk in $ListDisk) { if ($Disk.FreeSpace -ge $SetMinSizeLimit) { $DiskCompatible = $true } } if (-not $DiskCompatible) { $IsCompatible = $false } # Output final result $IsCompatible "
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeProcess created: unknown unknown
                      Source: C:\Windows\SysWOW64\net.exeProcess created: unknown unknown
                      Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                      Source: C:\Windows\SysWOW64\net.exeSection loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\net.exeSection loaded: wkscli.dll
                      Source: C:\Windows\SysWOW64\net.exeSection loaded: netutils.dll
                      Source: C:\Windows\SysWOW64\net.exeSection loaded: samcli.dll
                      Source: C:\Windows\SysWOW64\net.exeSection loaded: srvcli.dll
                      Source: C:\Windows\SysWOW64\net.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\SysWOW64\net1.exeSection loaded: samcli.dll
                      Source: C:\Windows\SysWOW64\net1.exeSection loaded: netutils.dll
                      Source: C:\Windows\SysWOW64\net1.exeSection loaded: dsrole.dll
                      Source: C:\Windows\SysWOW64\net1.exeSection loaded: srvcli.dll
                      Source: C:\Windows\SysWOW64\net1.exeSection loaded: wkscli.dll
                      Source: C:\Windows\SysWOW64\net1.exeSection loaded: logoncli.dll
                      Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: uxtheme.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: riched20.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: usp10.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msls31.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: edputil.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wintypes.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: appresolver.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: bcp47langs.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: slc.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sppc.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasapi32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasman.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rtutils.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: secur32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: schannel.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mskeyprotect.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ntasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncrypt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncryptsslp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: apphelp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: napinsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: pnrpnsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wshbth.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: nlaapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winrnr.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: napinsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: pnrpnsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wshbth.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: nlaapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winrnr.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: napinsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: pnrpnsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wshbth.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: nlaapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winrnr.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wscapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: urlmon.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iertutil.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: srvcli.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: netutils.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wtsapi32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winsta.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: devobj.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: tpmcoreprovisioning.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: certenroll.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: devobj.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: certca.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsparse.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: tbs.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: mscoree.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: apphelp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: version.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: wldp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: profapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: taskschd.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: sspicli.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: sxs.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: xmllite.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: rasapi32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: rasman.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: rtutils.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: mswsock.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: winhttp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: winnsi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: rasadhlp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: fwpuclnt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: secur32.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: schannel.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: mskeyprotect.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: ntasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: ncrypt.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: ncryptsslp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: msasn1.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: gpapi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: ntmarta.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: msi.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: mscoree.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: version.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: wldp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: version.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: sxs.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: vbscript.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: scrobj.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: cryptnet.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: scrrun.dll
                      Source: C:\Windows\System32\cscript.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                      Source: C:\Windows\System32\msiexec.exe File written: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\xdsmpl.ini
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.config
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.IsolatedStorage.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.ZipFile.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encodings.Web.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.FileVersionInfo.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Memory.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Ping.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Configuration.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Immutable.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\coreclr.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Web.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.Local.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Extensions.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Mail.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.DiagnosticSource.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Web.HttpUtility.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.Core.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Timer.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.HttpListener.dll
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clretwrc.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.CSharp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Claims.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.Linq.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.NETCore.App.runtimeconfig.jsonJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ObjectModel.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.NonGeneric.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.SecureString.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Extensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.FileSystem.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.DataContractSerialization.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Overlapped.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Thread.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Process.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.JavaScript.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tools.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.Vectors.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlDocument.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebHeaderCollection.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Buffers.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Uri.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.DataAnnotations.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XDocument.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.AccessControl.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Annotations.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TextWriterTraceListener.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.AccessControl.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Concurrent.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceProcess.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Debug.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.Client.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Queryable.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Calendars.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Expressions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Dataflow.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Json.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Loader.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NetworkInformation.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Parallel.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Console.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Parallel.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceModel.Web.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.Common.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.ReaderWriter.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordbi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Json.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.ResourceManager.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.DriveInfo.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Csp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Principal.Windows.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.Unsafe.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XmlSerializer.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.ILGeneration.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Brotli.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebProxy.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Watcher.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.VisualC.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Xml.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Windows.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorlib.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Specialized.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Sockets.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Reader.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ValueTuple.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.MemoryMappedFiles.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.XDocument.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Security.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.Extensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Asn1.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NameResolution.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.StackTrace.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.DiaSymReader.Native.amd64.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\hostpolicy.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.ServicePoint.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\WindowsBase.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrjit.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscordaccore_amd64_amd64_8.0.1124.51707.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.ThreadPool.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Intrinsics.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Quic.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Channels.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Metadata.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.AppContext.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Dynamic.Runtime.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Tar.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.Json.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Tracing.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.Extensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.TypeConverter.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Native.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.CoreLib.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Cng.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.UnmanagedMemoryStream.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.DataSetExtensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebClient.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.EventBasedAsync.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Algorithms.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Handles.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.RegularExpressions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Registry.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\createdump.exeJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Formatters.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Drawing.Primitives.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.AccessControl.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.Lightweight.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorrc.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.CodePages.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.Xml.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\.versionJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Extensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Numerics.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Requests.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.TypeExtensions.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.DispatchProxy.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Serialization.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Writer.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TraceSource.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.NETCore.App.deps.json
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Encoding.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Core.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.X509Certificates.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Contracts.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.OpenSsl.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Linq.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrgc.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\msquic.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\host
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\host\fxr
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\host\fxr\8.0.11
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dll
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\dotnet.exe
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\LICENSE.txt
                      Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\ThirdPartyNotices.txt
                      Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}
                      Source: PropostaOrcamentoPdf.msi Static file information: File size 2994176 > 1048576
                      Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3518393323.00000097FD553000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdbSHA256{2 source: System.Xml.XmlSerializer.dll.2.dr
                      Source: Binary string: \mscorlib.pdbpdblib.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550578996.0000019934A5A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: /_/obj/Release/Microsoft.ApplicationInsights/net46/Microsoft.ApplicationInsights.pdb source: Microsoft.ApplicationInsights.dll.14.dr
                      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: System.Text.Json.dll.2.dr
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550578996.0000019934A5A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdb source: System.Xml.XmlSerializer.dll.2.dr
                      Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000015.00000002.2962298010.000001A692422000.00000002.00000001.01000000.00000018.sdmp, AgentPackageTicketing.exe, 0000002B.00000002.3996033641.000001F341072000.00000002.00000001.01000000.00000031.sdmp
                      Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000000.3190761319.000001991B802000.00000002.00000001.01000000.0000001C.sdmp
                      Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbd source: AgentPackageUpgradeAgent.exe, 0000001F.00000000.3190761319.000001991B802000.00000002.00000001.01000000.0000001C.sdmp
                      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.TypeExtensions\Release\net8.0\System.Reflection.TypeExtensions.pdb source: System.Reflection.TypeExtensions.dll.2.dr
                      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\Release\net8.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.2.dr
                      Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDBpxU source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3518393323.00000097FD553000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.PDB source: AgentPackageTicketing.exe, 0000002B.00000002.3990298723.00000038BC7F2000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Installer\MSIADE0.tmp-\AlphaControlAgentInstallation.PDB source: rundll32.exe, 0000002A.00000002.3339532095.0000000002944000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: d:\slave\workspace\GIT_WIN_SRS_Formal\Source\irisserver\Release\SRChat.pdb source: SRAudioChat.exe.2.dr
                      Source: Binary string: D:\a\_work\1\s\build\ship\x86\uica.pdb source: 5714f5.msi.2.dr
                      Source: Binary string: System.Text.Json.ni.pdb source: System.Text.Json.dll.2.dr
                      Source: Binary string: \??\C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.pdb source: AgentPackageTicketing.exe, 0000002B.00000002.4427503164.000001F359A30000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000E.00000002.3514996813.0000025972D52000.00000002.00000001.01000000.0000002E.sdmp, ICSharpCode.SharpZipLib.dll.31.dr
                      Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.pdb source: AgentPackageTicketing.exe, 0000002B.00000002.3990298723.00000038BC7F2000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000E.00000002.3508650457.00000259729CB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.2938372246.000001428DCF2000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.14.dr
                      Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2233604866.000000000431D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.000000000417D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.000000000410F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.0000000004691000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004202000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000002.3339532095.00000000029A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E54000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdbs source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550578996.0000019934A5A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3518393323.00000097FD553000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\TicketingPackageExtensions.pdbhb4 source: AgentPackageTicketing.exe, 0000002B.00000002.4427503164.000001F359A91000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb source: rundll32.exe, 0000002A.00000002.3346049540.0000000006D50000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Reflection.TypeExtensions.ni.pdb source: System.Reflection.TypeExtensions.dll.2.dr
                      Source: Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdbTlnl `l_CorExeMainmscoree.dll source: AgentPackageTicketing.exe, 0000002B.00000000.3303535329.000001F340852000.00000002.00000001.01000000.00000025.sdmp, AgentPackageTicketing.exe.14.dr
                      Source: Binary string: d:\str\dev\win32\stgamepad\bus\objfre_win7_amd64\amd64\stgamepad.pdb source: stgamepad.sys0.2.dr
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3530333041.000001991C0B2000.00000002.00000001.01000000.0000002F.sdmp
                      Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: PropostaOrcamentoPdf.msi, 5714e7.msi.2.dr
                      Source: Binary string: D:\a\12\s\AteraNugetPackages\Atera.AgentPackages.Exceptions\Atera.AgentPackages.Exceptions\obj\Release\Atera.AgentPackages.Exceptions.pdbJ,d, V,_CorDllMainmscoree.dll source: Atera.AgentPackages.Exceptions.dll.14.dr
                      Source: Binary string: \??\C:\Windows\TicketingPackageExtensions.pdbpdb source: AgentPackageTicketing.exe, 0000002B.00000002.4427503164.000001F359AD4000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256X source: System.Data.DataSetExtensions.dll.2.dr
                      Source: Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\netfx\System.Runtime.InteropServices.RuntimeInformation.pdbxE source: System.Runtime.InteropServices.RuntimeInformation.dll0.14.dr
                      Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdb source: System.IO.UnmanagedMemoryStream.dll.2.dr
                      Source: Binary string: D:\a\1\s\AgentPackageTicketing\TicketingPackageExtensions\obj\Release\TicketingPackageExtensions.pdby! source: AgentPackageTicketing.exe, 0000002B.00000002.3995526891.000001F341042000.00000002.00000001.01000000.00000030.sdmp
                      Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2233604866.000000000431D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.000000000417D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.000000000410F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.0000000004691000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004202000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E54000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\Release\net8.0\System.Runtime.Serialization.Json.pdbSHA256 source: System.Runtime.Serialization.Json.dll.2.dr
                      Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000015.00000002.2962298010.000001A692422000.00000002.00000001.01000000.00000018.sdmp
                      Source: Binary string: PC:\Windows\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3518393323.00000097FD553000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll.2.dr
                      Source: Binary string: mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550578996.0000019934A0A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\TicketingPackageExtensions.pdbe source: AgentPackageTicketing.exe, 0000002B.00000002.4427503164.000001F359AD4000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: XC:\Windows\TicketingPackageExtensions.pdb source: AgentPackageTicketing.exe, 0000002B.00000002.3990298723.00000038BC7F2000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\s\AgentPackageTicketing\TicketingPackageExtensions\obj\Release\TicketingPackageExtensions.pdb( source: AgentPackageTicketing.exe, 0000002B.00000002.4427503164.000001F359A5C000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: c:\winddk\6000\src\video\displays\mirror\mini\objfre_wxp_x86\i386\mv2.pdb source: mv2.sys1.2.dr
                      Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: SQLite.Interop.dll.14.dr
                      Source: Binary string: c:\winddk\6000\src\video\displays\mirror\mini\objfre_wxp_x86\i386\mv2.pdbN source: mv2.sys1.2.dr
                      Source: Binary string: \??\C:\Windows\dll\TicketingPackageExtensions.pdb source: AgentPackageTicketing.exe, 0000002B.00000002.4427503164.000001F359AD4000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: 8C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.PDB source: AgentPackageTicketing.exe, 0000002B.00000002.3990298723.00000038BC7F2000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Contracts\4.0.1.0\System.Diagnostics.Contracts.pdb source: System.Diagnostics.Contracts.dll.14.dr
                      Source: Binary string: \??\C:\Windows\Installer\MSIADE0.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000002A.00000002.3339532095.0000000002944000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000002A.00000002.3339532095.00000000029B8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: dows\dll\System.pdb!4 source: rundll32.exe, 0000002A.00000002.3339532095.00000000029CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: ?nnC:\Windows\Installer\MSIADE0.tmp-\AlphaControlAgentInstallation.pdb= source: rundll32.exe, 0000002A.00000002.3337788630.0000000000347000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdboT source: rundll32.exe, 0000002A.00000002.3339532095.00000000029B8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\12\s\AteraNugetPackages\Atera.AgentPackages.Exceptions\Atera.AgentPackages.Exceptions\obj\Release\Atera.AgentPackages.Exceptions.pdb source: Atera.AgentPackages.Exceptions.dll.14.dr
                      Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000D.00000000.2309114545.000001E373162000.00000002.00000001.01000000.0000000F.sdmp
                      Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb8 source: AteraAgent.exe, 0000000E.00000002.3508650457.00000259729CB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.2938372246.000001428DCF2000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.14.dr
                      Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: rundll32.exe, 0000002A.00000002.3339532095.00000000029A1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\build\ship\x86\WixDepCA.pdb source: 5714f5.msi.2.dr
                      Source: Binary string: HPbn\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000002A.00000002.3337788630.0000000000347000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000002A.00000002.3339532095.00000000029AD000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.AccessControl\Release\net8.0-windows\System.Security.AccessControl.pdb source: System.Security.AccessControl.dll.2.dr
                      Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbdeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3518393323.00000097FD553000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks\4.0.11.0\System.Threading.Tasks.pdb source: System.Threading.Tasks.dll.14.dr
                      Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: mscordaccore.dll.2.dr
                      Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Xml.XPath.XDocument/netfx\System.Xml.XPath.XDocument.pdb source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A518000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2233604866.000000000431D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.000000000417D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2360140161.000000000410F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.0000000004691000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004202000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E54000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.OpenSsl/Release/net8.0-windows/System.Security.Cryptography.OpenSsl.pdb source: System.Security.Cryptography.OpenSsl.dll.2.dr
                      Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Expressions\4.1.2.0\System.Linq.Expressions.pdb source: System.Linq.Expressions.dll.14.dr
                      Source: Binary string: \??\C:\Windows\Installer\MSIADE0.tmp-\AlphaControlAgentInstallation.pdb9 T:X source: rundll32.exe, 0000002A.00000002.3339532095.0000000002944000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550578996.0000019934A0A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb2 source: rundll32.exe, 0000002A.00000002.3339532095.00000000029AD000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000D.00000000.2309114545.000001E373162000.00000002.00000001.01000000.0000000F.sdmp
                      Source: Binary string: C:\Windows\TicketingPackageExtensions.pdbpdbons.pdb10.0 source: AgentPackageTicketing.exe, 0000002B.00000002.3991728641.000001F340A91000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb source: mscorrc.dll.2.dr
                      Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550578996.0000019934A0A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A518000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: sions.pdbRT source: AgentPackageTicketing.exe, 0000002B.00000002.3990298723.00000038BC7F2000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.2.dr
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbIf source: rundll32.exe, 0000002A.00000002.3339532095.0000000002944000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdbc source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550578996.0000019934A5A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000E.00000002.3514996813.0000025972D52000.00000002.00000001.01000000.0000002E.sdmp, ICSharpCode.SharpZipLib.dll.31.dr
                      Source: Binary string: symbols\dll\TicketingPackageExtensions.pdb source: AgentPackageTicketing.exe, 0000002B.00000002.3990298723.00000038BC7F2000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3506223685.00000259726C0000.00000002.00000001.01000000.0000002D.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: c:\svn\branches\features\iris00_v3_20150407_69486\win32\stxpsdrv\src\filters\color\objfre_win7_x86\i386\XDColMan.pdb source: XDColMan.dll.2.dr
                      Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: rundll32.exe, 0000002A.00000002.3339532095.00000000029CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.OpenSsl/Release/net8.0-windows/System.Security.Cryptography.OpenSsl.pdbSHA256 source: System.Security.Cryptography.OpenSsl.dll.2.dr
                      Source: Binary string: D:\a\1\s\AgentPackageTicketing\TicketingPackageExtensions\obj\Release\TicketingPackageExtensions.pdbsions.pdb source: AgentPackageTicketing.exe, 0000002B.00000002.3990298723.00000038BC7F2000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000014.00000002.2962840526.000001428E772000.00000002.00000001.01000000.00000019.sdmp, AgentPackageUpgradeAgent.exe, 00000021.00000002.3384490162.000002A4E2DA2000.00000002.00000001.01000000.0000002B.sdmp, Newtonsoft.Json.dll1.14.dr
                      Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlDocument\4.0.3.0\System.Xml.XmlDocument.pdb source: System.Xml.XmlDocument.dll.14.dr
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3506223685.00000259726C0000.00000002.00000001.01000000.0000002D.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2962840526.000001428E772000.00000002.00000001.01000000.00000019.sdmp, AgentPackageUpgradeAgent.exe, 00000021.00000002.3384490162.000002A4E2DA2000.00000002.00000001.01000000.0000002B.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll1.14.dr
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3530333041.000001991C0B2000.00000002.00000001.01000000.0000002F.sdmp
                      Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: AteraAgent.exe, 0000000E.00000002.3417755880.000002595A518000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\s\AgentPackageOsUpdates\AgentPackageOsUpdates\obj\Release\AgentPackageOsUpdates.pdb source: AteraAgent.exe, 0000000E.00000002.3515611035.0000025972ED5000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: devcon.pdbhe source: devcon.exe6.2.dr
                      Source: Binary string: AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3518393323.00000097FD553000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\exe\AgentPackageUpgradeAgent.pdbi source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550578996.0000019934A5A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Security.AccessControl.ni.pdb source: System.Security.AccessControl.dll.2.dr
                      Source: Binary string: d:\svn\sr01\tim\dev\win32\stvideo\display\objfre_win7_x86\i386\stvideo.pdb source: stvideo.dll.2.dr
                      Source: Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000002A.00000002.3346049540.0000000006D7F000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.pdb source: rundll32.exe, 0000002A.00000002.3339532095.00000000029A1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: devcon.pdb source: devcon64.exe0.2.dr, devcon.exe6.2.dr
                      Source: Binary string: pC:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000001F.00000002.3518393323.00000097FD553000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\netfx\System.Runtime.InteropServices.RuntimeInformation.pdb source: System.Runtime.InteropServices.RuntimeInformation.dll0.14.dr
                      Source: Binary string: D:\a\1\s\AgentPackageTicketing\FormControlsLibrary\obj\Release\FormControlsLibrary.pdb source: FormControlsLibrary.dll.14.dr
                      Source: Binary string: d:\str\dev\win32\sthid\hidmapper\objfre_win7_x86\i386\hidkmdf.pdb source: hidkmdf.sys.2.dr
                      Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Extensions\4.1.2.0\System.Runtime.Extensions.pdb source: System.Runtime.Extensions.dll.14.dr
                      Source: Binary string: TicketingPackageExtensions.PDB source: AgentPackageTicketing.exe, 0000002B.00000002.3990298723.00000038BC7F2000.00000004.00000010.00020000.00000000.sdmp
                      Source: System.Net.WebSockets.Client.dll.2.dr Static PE information: 0x81952636 [Mon Nov 22 10:45:10 2038 UTC]
                      Source: Microsoft.DiaSymReader.Native.amd64.dll.2.dr Static PE information: section name: .didat
                      Source: BdEpSDK.exe.2.dr Static PE information: section name: _RDATA
                      Source: System.Linq.Parallel.dll.2.dr Static PE information: section name: .text entropy: 6.816032788074863
                      Source: System.Net.Security.dll.2.dr Static PE information: section name: .text entropy: 6.830936228078686

                      Persistence and Installation Behavior

                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\utils\DIFxCmd64.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID745.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\utils\devcon.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUACCheck.exeJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Security.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.Lightweight.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Queryable.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\devcon.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\32bits\xdsmplui.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\64bits\xdsmplui.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\32bits\XDColMan.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Brotli.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Watcher.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSocketCtrl.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: 5714e2.rbf (copy)Jump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\DIFxCmd.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Primitives.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.AppContext.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Primitives.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\64bits\XDColMan.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libcrypto-3.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Native.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\Mirror2Extend.exeJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.ZipFile.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp\driver\mv2.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebClient.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.ThreadPool.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Configuration.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Quic.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libx264-116.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\stdpms.sysJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{B7C5EA94-B96A-41F5-BE95-25D78B486678}\ARPPRODUCTICON.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\utils\devcon.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5968.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Channels.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.ZipFile.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Windows.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Sockets.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.Local.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Loader.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.XDocument.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\64bits\xdwmark.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIADE0.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2E00.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.StackTrace.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE7C.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stvideo.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.IsolatedStorage.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.AccessControl.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI160F.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Claims.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdwmark.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppBS.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encodings.Web.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libmp4v2.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Memory.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Primitives.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Linq.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Reader.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppED.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Extensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.DispatchProxy.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRx264WrapperExx.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x64\lci_proxywddm.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.Extensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win10\64bits\stvad.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRChat.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.TypeExtensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\utils\PrnPort.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x86\lci_iddcx.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\32bits\xdbook.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\devcon64.exeJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Memory.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Buffers.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\utils\DIFxCmd.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\qrcodelib.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5E4B.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdscale.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVirtualUSB\SRUsb\x64\SRUsb.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5659.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libssl-3.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.DataSetExtensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Formatters.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\CredProvider\x64\SRCredentialProvider.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVideoCtrl.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.CoreLib.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Extensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: 5714e5.rbf (copy)Jump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\utils\devcon64.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\XDColMan.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win7\x86\lci_proxyumd.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tracing.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SROpus.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Dynamic.Runtime.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDB8D.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\64bits\stdpms.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRx264Wrapper.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID8DC.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrjit.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win10\32bits\stvad.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3257.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\swresample-2.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Metadata.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorrc.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Numerics.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\coreclr.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NameResolution.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.TypeConverter.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.MemoryMappedFiles.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TraceSource.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stvideo.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRApp.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Writer.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Watcher.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\sthid.sysJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x86\lci_proxyumd.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\amf-vcedem-win32.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.Core.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Data.Common.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.DriveInfo.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8B9A.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.Json.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1620.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.ResourceManager.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stvideo.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Timer.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\CommunityToolkit.WinUI.Notifications.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Formats.Asn1.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.Client.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdnup.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Wacom\x64\SRWacomCtrl64.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: 5714df.rbf (copy)Jump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clretwrc.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\32bits\xdwmark.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\devcon64.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Requests.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.FileVersionInfo.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win7\x86\lci_iddcx.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1B40.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICD60.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICD60.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2E00.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICD60.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI160F.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIADE0.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA90D.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDB8D.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID8DC.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFB80.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8B4B.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3257.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9D6F.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSICD60.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2E00.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI237E.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIADE0.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI4A38.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7550.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{B7C5EA94-B96A-41F5-BE95-25D78B486678}\ARPPRODUCTICON.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4A38.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5968.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA90D.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2E00.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3CB.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA90D.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI4A38.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI4A38.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeFile created: C:\Windows\Temp\SplashtopStreamer.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI349B.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8C86.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA90D.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIADE0.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFEA8.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5E4B.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5138.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2E00.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICD60.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5659.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA90D.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8B9A.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1620.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID745.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIADE0.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFDDC.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1BDE.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFF84.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI32B6.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIADE0.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE7C.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI4A38.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1620.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2E00.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1BDE.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\InstallUtil.InstallLog
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\AteraSetupLog.txt
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista\license.txtJump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\license.txtJump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp\license.txtJump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp64\license.txtJump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\LICENSE.txtJump to behavior

                      Boot Survival

                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                      Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_LogicalDisk
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 1E3734B0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 1E374FD0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 25959B70000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 25971DF0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 1428E050000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 142A6970000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 1A6923C0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 1A6AA980000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 203CBA70000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 203E3B30000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeMemory allocated: 1991BB50000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeMemory allocated: 199341F0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeMemory allocated: 2A4CA100000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeMemory allocated: 2A4E2510000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeMemory allocated: 1F340C60000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeMemory allocated: 1F3590E0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeMemory allocated: 21F60400000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeMemory allocated: 21F78A30000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 13223AF0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 1323D4D0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 600000
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 600000
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 600000
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596297
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596170
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596062
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595948
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595828
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595719
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595609
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595500
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595390
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595278
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595156
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595047
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594935
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594813
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594688
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594568
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594438
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594328
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594212
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594094
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593984
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593875
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 2876
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 6846
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Window / User API: threadDelayed 7266
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9057
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 419
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe Window / User API: threadDelayed 8570
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe Window / User API: threadDelayed 1196
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Window / User API: threadDelayed 5602
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Window / User API: threadDelayed 4215
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\DIFxCmd.exe
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Algorithms.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CredentialManagement.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\devcon64.exe
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.Cng.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\PkgHelper.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Dynamic.Runtime.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\utils\DIFxCmd.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.Exceptions.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.Unsafe.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.EventBasedAsync.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.AccessControl.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Primitives.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.X509Certificates.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppAnnotation.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\DIFxCmd64.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Interop.WUApiLib.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1620.tmp-\AlphaControlAgentInstallation.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.Win32.Registry.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Buffers.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stmirror.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Data.SQLite.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Xml.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebSockets.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\log4net.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\driver\mv2.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Contracts.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdbook.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Concurrent.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.Process.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Thread.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.CompilerServices.VisualC.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\WBAppVidRec.exe
                      Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4A38.tmp-\AlphaControlAgentInstallation.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\EvtLogProvider\stevt_srs_x86.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\ICSharpCode.SharpZipLib.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdsmplui.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Csp.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.ThreadPool.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Diagnostics.DiagnosticSource.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.IsolatedStorage.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4A38.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.Specialized.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Pipes.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\utils\devcon64.exe
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\DIFxCmd.exe
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x86\my_setup.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Pubnub.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.UnmanagedMemoryStream.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI349B.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI8C86.tmp
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Primitives.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.Client.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1620.tmp-\System.Management.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRx264WrapperEx.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\32bits\xdnup.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFEA8.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Numerics.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Formatters.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRDxgiHelper.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\avutil-55.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppBrowser.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFDDC.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI32B6.tmp
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\32bits\stprintmon.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.NonGeneric.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Pipes.AccessControl.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ObjectModel.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\64bits\xdscale.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\32bits\xdscale.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Web.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1BDE.tmp-\AlphaControlAgentInstallation.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Sockets.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Parallel.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Algorithms.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NetworkInformation.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTrayTMP.exe
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\utils\DIFxCmd64.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Diagnostics.DiagnosticSource.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\legacy.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\createdump.exe
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XDocument.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Cryptography.OpenSsl.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Claims.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\utils\devcon.exe
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\devcon.exe
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\32bits\xdbook.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackage.Common.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.VisualC.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\EvtLogProvider\stevt_srs_x64.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Microsoft.ApplicationInsights.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\64bits\stgamepad.sys
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Console.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Process.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.VisualBasic.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x64\my_setup.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Wacom\x86\SRWacomCtrl32.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stvideo.sys
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Extensions.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.ServicePoint.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRDetect.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Numerics.Vectors.dll
                      Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.Primitives.dll
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista\driver\mv2.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Parallel.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUpdate.exeJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\stprintmon.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.ReaderWriter.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Linq.Expressions.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TraceSource.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ValueTuple.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\msquic.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp64\driver\mv2.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.Runtime.InteropServices.RuntimeInformation.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingNotifications.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRDxgiCaptor.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TextWriterTraceListener.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI4A38.tmp
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\dotnet.exe
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stmirror.sys
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.HttpListener.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Core.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.TextWriterTraceListener.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTray.exe (copy)
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win7\64bits\stvad.sys
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Newtonsoft.Json.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI5138.tmp
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\enum.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Primitives.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libcelt-0.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XDocument.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVirtualUSB\SRUsb\x64\SRUsbVhciCtrl64.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSID745.tmp
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\utils\DIFxCmd64.exe
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUACCheck.exe
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\utils\devcon.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.Lightweight.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Queryable.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Security.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\32bits\xdsmplui.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\devcon.exe
                      Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI1620.tmp-\Newtonsoft.Json.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\64bits\xdsmplui.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\System.ValueTuple.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Security.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\32bits\XDColMan.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Brotli.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Newtonsoft.Json.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.Watcher.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: 5714e2.rbf (copy)
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSocketCtrl.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Primitives.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\DIFxCmd.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.AppContext.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Primitives.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\64bits\XDColMan.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.RegularExpressions.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libcrypto-3.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.Native.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI1BDE.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\Mirror2Extend.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.ZipFile.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp\driver\mv2.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Handles.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlDocument.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.WebClient.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.ThreadPool.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Configuration.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Quic.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\stdpms.sys
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libx264-116.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Primitives.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\{B7C5EA94-B96A-41F5-BE95-25D78B486678}\ARPPRODUCTICON.exe
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\utils\devcon.exe
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI5968.tmp
                      Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIA90D.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.ZipFile.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Channels.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Windows.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Sockets.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Loader.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Transactions.Local.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Numerics.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.XPath.XDocument.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\64bits\xdwmark.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIADE0.tmp
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\t2tWinFormAppBarLib.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NetworkInformation.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI2E00.tmp
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Microsoft.ApplicationInsights.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIA90D.tmp-\AlphaControlAgentInstallation.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Writer.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.StackTrace.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIE7C.tmp
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSICD60.tmp-\AlphaControlAgentInstallation.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NameResolution.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stvideo.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.IsolatedStorage.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI160F.tmp
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.AccessControl.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.Claims.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Http.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdwmark.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encodings.Web.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppBS.exe
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libmp4v2.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Memory.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Primitives.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Xml.Linq.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Reader.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppED.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Http.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dll
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.RuntimeInformation.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Extensions.dll
                      Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.DispatchProxy.dll
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.InteropServices.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\QRCoder.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRx264WrapperExx.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x64\lci_proxywddm.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win10\64bits\stvad.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Encoding.Extensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRChat.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.TypeExtensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\utils\PrnPort.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x86\lci_iddcx.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\32bits\xdbook.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\devcon64.exeJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Memory.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Globalization.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA90D.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Buffers.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exeJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.SecureString.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.FileSystem.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\utils\DIFxCmd.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI5E4B.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\qrcodelib.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdscale.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\ICSharpCode.SharpZipLib.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVirtualUSB\SRUsb\x64\SRUsb.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI5659.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIADE0.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Data.DataSetExtensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libssl-3.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Formatters.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\CredProvider\x64\SRCredentialProvider.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVideoCtrl.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Private.CoreLib.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.Tasks.Extensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 5714e5.rbf (copy)Jump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\utils\devcon64.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\XDColMan.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Collections.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win7\x86\lci_proxyumd.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Atera.AgentPackage.Common.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tracing.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSICD60.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SROpus.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Dynamic.Runtime.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Xml.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIADE0.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIDB8D.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\64bits\stdpms.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRx264Wrapper.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CommunityToolkit.WinUI.Notifications.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlSerializer.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID8DC.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1BDE.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Ping.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clrjit.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.IO.Compression.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Threading.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win10\32bits\stvad.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3257.tmpJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.ValueTuple.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\swresample-2.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Metadata.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSICD60.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\mscorrc.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Numerics.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\coreclr.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.NameResolution.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\CredentialManagement.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ComponentModel.TypeConverter.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.MemoryMappedFiles.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TraceSource.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stvideo.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Reflection.Emit.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Resources.Writer.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\System.Management.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRApp.exeJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Watcher.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\sthid.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\64bits\hidkmdf.sysJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Extensions.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x64\lci_proxyumd32.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVideoCtrlEx.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\x86\SQLite.Interop.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\setupdrv.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4A38.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\driver\mv2.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\32bits\stvspk.sysJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.Ping.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tools.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win7\x86\lci_proxyumd32.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.FileVersionInfo.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\hidkmdf.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1BDE.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFF84.tmpJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4A38.tmp-\System.Management.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\Microsoft.DiaSymReader.Native.amd64.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Text.Json.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2E00.tmp-\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Atera.AgentPackage.Common.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK_x86.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\64bits\stvspk.sysJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win7\32bits\stvad.sysJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.StackTrace.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1B40.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Security.SecureString.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Runtime.Serialization.Json.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.ServiceModel.Web.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Console.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSICD60.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2E00.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -600000s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -599870s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -599737s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -599615s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -599500s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -599389s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -599258s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -599156s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -599046s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -598936s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -598828s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -598718s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -598608s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -598499s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -598366s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -598242s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -598140s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -597888s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -597759s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -597655s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -597546s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -597437s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -597327s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -597217s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -597107s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -596994s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -596890s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -596777s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -596660s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -596546s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -596436s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -596314s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -596187s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 5824Thread sleep count: 1196 > 30
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -596077s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -595961s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -595840s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -595718s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -595607s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -595500s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -595368s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -595089s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -594982s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -594874s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -594754s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -594586s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -594447s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -594333s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -594215s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -594107s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -593999s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -593890s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -593778s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 972Thread sleep time: -593671s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep count: 36 > 30
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -33204139332677172s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -600000s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1208Thread sleep count: 5602 > 30
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -599859s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -599730s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -599609s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -599493s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -599375s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -599266s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 1208Thread sleep count: 4215 > 30
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -599155s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -599043s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -598927s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -598797s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -598676s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -598557s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -598292s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -598172s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -598059s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -597910s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -597790s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -597650s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -597536s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -597419s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -597281s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -597171s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -597062s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -596953s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -596844s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -596734s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -596624s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -596516s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -596406s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -596297s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -596170s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -596062s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -595948s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -595828s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -595719s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -595609s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -595500s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -595390s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -595278s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -595156s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -595047s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -594935s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -594813s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -594688s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -594568s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -594438s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -594328s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -594212s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -594094s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -593984s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4148Thread sleep time: -593875s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 1072Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 30000
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 90000
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 600000
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599889
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599781
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599672
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599562
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599453
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599342
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599232
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599125
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599010
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598906
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598788
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598671
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598562
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598431
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598328
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598218
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598108
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598000
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597890
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597781
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597672
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597538
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597411
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597234
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597059
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596931
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596827
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596719
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596609
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596500
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596390
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596279
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 600000
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599870
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599737
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599615
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599500
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599389
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599258
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599156
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599046
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598936
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598828
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598718
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598608
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598499
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598366
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598242
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598140
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597888
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597759
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597655
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597546
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597437
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597327
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597217
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597107
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596994
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596890
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596777
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596660
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596546
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596436
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596314
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596187
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596077
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595961
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595840
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595718
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595607
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595500
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595368
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595089
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594982
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594874
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594754
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594586
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594447
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594333
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594215
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594107
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593999
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593890
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593778
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593671
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 600000
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599859
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599730
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599609
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599493
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599375
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599266
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599155
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599043
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598927
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598797
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598676
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598557
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598292
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598172
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598059
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597910
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597790
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597650
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597536
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597419
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597281
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597171
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597062
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596953
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596844
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596734
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596624
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596516
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596406
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596297
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596170
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596062
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595948
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595828
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595719
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595609
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595500
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595390
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595278
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595156
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595047
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594935
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594813
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594688
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594568
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594438
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594328
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594212
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594094
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593984
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593875
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                      Source: svchost.exe, 0000002D.00000002.4844728291.00000239BB2EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tEventVmNetworkAdapter',
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapterX
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3378950073.00000203CB427000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3413074882.00000203E4507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceSynchronizes the system time of this virtual machine with the system time of the physical computer.Hyper-V Time Synchronization ServicevmictimesyncStopped
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapterX
                      Source: svchost.exe, 0000002D.00000002.4843681561.00000239BB24F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.VMware20,1NoneVMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: +MSFT_NetEventVmNetworkAdatper.format.ps1xmlX
                      Source: AteraAgent.exe, 0000000D.00000002.2352895888.000001E375807000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2352895888.000001E375780000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2352895888.000001E37586C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3413329190.0000025959D15000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3511757048.0000025972A0D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3508650457.000002597296A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550578996.00000199349FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Add-NetEventVmNetworkAdapter',
                      Source: svchost.exe, 0000002D.00000002.4844728291.00000239BB2EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3378950073.00000203CB427000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CE52B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                      Source: svchost.exe, 0000002D.00000002.4844027331.00000239BB2A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk6000C29C2BEA38880A8A16EE9F37BEC90VMwareVirtual disk6000c29c2bea38880a8a16ee9f37bec92.0
                      Source: rundll32.exe, 00000012.00000002.2405861735.0000000000705000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll"
                      Source: svchost.exe, 0000002D.00000002.4844252992.00000239BB2CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @manufacturer"vmware"
                      Source: AgentPackageAgentInformation.exe.14.drBinary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.cdxml',
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3410984799.00000203E4479000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicshutdown
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3410984799.00000203E4479000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicheartbeatvmicheartbeatStopped
                      Source: svchost.exe, 0000002D.00000002.4843681561.00000239BB24F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JSetPropValue.Manufacturer("VMware");
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3413074882.00000203E4507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.Hyper-V Guest Service InterfacevmicguestinterfaceStoppedc/E
                      Source: SRAudioChat.exe.2.drBinary or memory string: _rb0JanFebMarAprMayJunJulAugSepOctNovDec<%d>%s %08X%03d [%8s]:<%d>%s%02d %02d:%02d:%02d.%03d %8s\debug.dvmdebugAV.dvmdebug.FTdebugKbd.dvmrUNIVERSAL_PATH_CONVERTSITEnableIRISFTCLogPipeIRISLogPipe\\.\pipe\%s%d\\.\pipe\%sCould not open pipe. GLE=Could not open pipe: 10 ms wait timed out.SetNamedPipeHandleState failed. GLE=WriteFile to pipe failed. GLE=LogServer is not existed!%pLuLdluldlist too longeEpPp4
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3411830011.00000203E44B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicvss
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3421505569.00000203E46D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MSFT_PhysicalDisk{1}\\user-PC\root/Microsoft/Windows/Storage/Providers_v2\SPACES_PhysicalDisk.ObjectId="{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{82094220-2cdd-02cd-b432-0b988e9f4438}"6000C29C2BEA38880A8A16EE9F37BEC9VMware Virtual diskVMwareVirtual disk6000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3410984799.00000203E4479000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicshutdownvmicshutdownStoppedX
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3378950073.00000203CB427000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3413074882.00000203E4507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3413074882.00000203E4507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
                      Source: svchost.exe, 0000002D.00000003.3314048772.00000239BB61B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk2.06000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C29C2BEA38880A8A16EE9F37BEC9
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3410984799.00000203E4479000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
                      Source: svchost.exe, 0000002D.00000002.4844252992.00000239BB2B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .@SetPropValue.FriendlyName("VMware Virtual disk");
                      Source: AgentPackageAgentInformation.exe, 00000014.00000002.2961435509.000001428DE9B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZZ
                      Source: svchost.exe, 0000002D.00000002.4843681561.00000239BB24F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dSetPropValue.FriendlyName("VMware Virtual disk");
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3421505569.00000203E46D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kVMwareV
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Remove-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CE52B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3412940200.00000203E44F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_Service.Name="vmicheartbeat"
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3411830011.00000203E44B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicvssvmicvssStopped
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3413074882.00000203E4507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
                      Source: svchost.exe, 0000002D.00000002.4843739659.00000239BB268000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk2.06000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C29C2BEA38880A8A16EE9F37BEC9(
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapterX
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3378950073.00000203CB427000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides a platform for communication between the virtual machine and the operating system running on the physical computer.Hyper-V Remote Desktop Virtualization ServicevmicrdvStoppedmN
                      Source: svchost.exe, 0000002D.00000002.4843562715.00000239BB224000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.VMware20,1NoneVMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20nSS @
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: #MSFT_NetEventVmNetworkAdatper.cdxmlX
                      Source: rundll32.exe, 00000005.00000002.2281486485.00000000034E6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2961473498.000001A6922DE000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3415240965.00000203E4555000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000001F.00000002.3550403996.00000199349EF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageTicketing.exe, 0000002B.00000002.4427503164.000001F359A5C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002E.00000002.4374433116.0000021F792D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: svchost.exe, 0000002D.00000002.4844252992.00000239BB2CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@"VMware Virtual disk"
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3378950073.00000203CB427000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.HV Host ServiceHvHostStopped
                      Source: svchost.exe, 0000002D.00000002.4843681561.00000239BB24F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3413074882.00000203E4507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.Hyper-V PowerShell Direct ServicevmicvmsessionStopped
                      Source: svchost.exe, 0000002D.00000002.4843681561.00000239BB24F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk2.06000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CE52B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                      Source: rundll32.exe, 0000002A.00000002.3339532095.00000000029B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllp
                      Source: svchost.exe, 0000002D.00000002.4843489828.00000239BB213000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk2.06000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3413074882.00000203E4507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
                      Source: svchost.exe, 0000002D.00000002.4844252992.00000239BB2B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@SetPropValue.FriendlyName("VMware Virtual disk");
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Get-NetEventVmNetworkAdapter',
                      Source: AgentPackageAgentInformation.exe, 0000001B.00000002.3378950073.00000203CB427000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.Hyper-V Data Exchange ServicevmickvpexchangeStopped
                      Source: powershell.exe, 0000001D.00000002.3144833957.00000193CF7C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.format.ps1xml',
                      Source: svchost.exe, 0000002D.00000002.4844728291.00000239BB2EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SPACES_PhysicalDisk{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{82094220-2cdd-02cd-b432-0b988e9f4438}6000C29C2BEA38880A8A16EE9F37BEC9VMware Virtual diskVMwareVirtual disk6000c29c2bea38880a8a16ee9f37bec9PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
                      Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
                      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess token adjusted: Debug
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess token adjusted: Debug
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeProcess token adjusted: Debug
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 40.119.152.241 443
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="orcamentos96@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000PPQvXIAX" /AgentId="374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3"
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                      Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknown
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                      Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "31fd3e86-7595-463e-92f6-60c24bb7aa8c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "3634c52b-6d9d-4510-b9da-41a474bfadc9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "3d5dc085-b6e7-4fa2-ab3b-75d4e067138f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "11dde691-674b-4abc-a849-3026371a4444" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "d30aea16-8ebf-49ba-8534-a09d49b9b6b8" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "25a609e0-48c4-43ea-ab9f-0e5ee31d888e" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000PPQvXIAX
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) { return } # Architecture x64 $Arch = (Get-CimInstance -Class CIM_ComputerSystem).SystemType $ArchValue = 'x64-based PC' if ($Arch -ne $ArchValue) { $IsCompatible = $false } # Screen Resolution $ScreenInfo = (Get-CimInstance -ClassName Win32_VideoController).CurrentVerticalResolution $ValueMin = 720 if ($ScreenInfo -le $ValueMin) { $IsCompatible = $false } # CPU composition $Core = (Get-CimInstance -Class CIM_Processor | Select-Object *).NumberOfCores $CoreValue = 2 $Frequency = (Get-CimInstance -Class CIM_Processor | Select-Object *).MaxClockSpeed $FrequencyValue = 1000 if (-not (($Core -ge $CoreValue) -and ($Frequency -ge $FrequencyValue))) { $IsCompatible = $false } # TPM $TPM2 = $false if ((Get-Tpm).ManufacturerVersionFull20) { $TPM2 = -not (Get-Tpm).ManufacturerVersionFull20.Contains('not supported') } if ($TPM2 -contains $false) { $IsCompatible = $false } # Secure Boot $SecureBoot = Confirm-SecureBootUEFI if ($SecureBoot -ne $true) { $IsCompatible = $false } # RAM available $Memory = (Get-CimInstance -Class CIM_ComputerSystem).TotalPhysicalMemory $SetMinMemory = 4294967296 if ($Memory -lt $SetMinMemory) { $IsCompatible = $false } # Storage available $ListDisk = Get-CimInstance -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq '3' } $SetMinSizeLimit = 64GB $DiskCompatible = 
$false foreach ($Disk in $ListDisk) { if ($Disk.FreeSpace -ge $SetMinSizeLimit) { $DiskCompatible = $true } } if (-not $DiskCompatible) { $IsCompatible = $false } # Output final result $IsCompatible "
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess created: C:\Windows\System32\msiexec.exe "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeProcess created: unknown unknown
                      Source: C:\Windows\SysWOW64\net.exeProcess created: unknown unknown
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="orcamentos96@gmail.com" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q300000ppqvxiax" /agentid="374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3"
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "31fd3e86-7595-463e-92f6-60c24bb7aa8c" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000ppqvxiax
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "3634c52b-6d9d-4510-b9da-41a474bfadc9" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000ppqvxiax
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "3d5dc085-b6e7-4fa2-ab3b-75d4e067138f" agent-api.atera.com/production 443 or8ixli90mf "generalinfo fromgui" 001q300000ppqvxiax
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -noprofile -command " ################################################################################################ # windows 11 compatibility check script # ################################################################################################ # compatibility flag $iscompatible = $true # check if current os is windows 10 $osversion = (get-ciminstance -class win32_operatingsystem).caption if (-not $osversion.contains('windows 10')) { return } # architecture x64 $arch = (get-ciminstance -class cim_computersystem).systemtype $archvalue = 'x64-based pc' if ($arch -ne $archvalue) { $iscompatible = $false } # screen resolution $screeninfo = (get-ciminstance -classname win32_videocontroller).currentverticalresolution $valuemin = 720 if ($screeninfo -le $valuemin) { $iscompatible = $false } # cpu composition $core = (get-ciminstance -class cim_processor | select-object *).numberofcores $corevalue = 2 $frequency = (get-ciminstance -class cim_processor | select-object *).maxclockspeed $frequencyvalue = 1000 if (-not (($core -ge $corevalue) -and ($frequency -ge $frequencyvalue))) { $iscompatible = $false } # tpm $tpm2 = $false if ((get-tpm).manufacturerversionfull20) { $tpm2 = -not (get-tpm).manufacturerversionfull20.contains('not supported') } if ($tpm2 -contains $false) { $iscompatible = $false } # secure boot $secureboot = confirm-securebootuefi if ($secureboot -ne $true) { $iscompatible = $false } # ram available $memory = (get-ciminstance -class cim_computersystem).totalphysicalmemory $setminmemory = 4294967296 if ($memory -lt $setminmemory) { $iscompatible = $false } # storage available $listdisk = get-ciminstance -class win32_logicaldisk | where-object { $_.drivetype -eq '3' } $setminsizelimit = 64gb $diskcompatible = $false foreach ($disk in $listdisk) { if 
($disk.freespace -ge $setminsizelimit) { $diskcompatible = $true } } if (-not $diskcompatible) { $iscompatible = $false } # output final result $iscompatible "
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageupgradeagent\agentpackageupgradeagent.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "11dde691-674b-4abc-a849-3026371a4444" agent-api.atera.com/production 443 or8ixli90mf "checkforupdates" 001q300000ppqvxiax
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageticketing\agentpackageticketing.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "d30aea16-8ebf-49ba-8534-a09d49b9b6b8" agent-api.atera.com/production 443 or8ixli90mf "maintain" 001q300000ppqvxiax
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagestremote\agentpackagestremote.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "25a609e0-48c4-43ea-ab9f-0e5ee31d888e" agent-api.atera.com/production 443 or8ixli90mf "downloadifneeded" 001q300000ppqvxiax
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -noprofile -command " ################################################################################################ # windows 11 compatibility check script # ################################################################################################ # compatibility flag $iscompatible = $true # check if current os is windows 10 $osversion = (get-ciminstance -class win32_operatingsystem).caption if (-not $osversion.contains('windows 10')) { return } # architecture x64 $arch = (get-ciminstance -class cim_computersystem).systemtype $archvalue = 'x64-based pc' if ($arch -ne $archvalue) { $iscompatible = $false } # screen resolution $screeninfo = (get-ciminstance -classname win32_videocontroller).currentverticalresolution $valuemin = 720 if ($screeninfo -le $valuemin) { $iscompatible = $false } # cpu composition $core = (get-ciminstance -class cim_processor | select-object *).numberofcores $corevalue = 2 $frequency = (get-ciminstance -class cim_processor | select-object *).maxclockspeed $frequencyvalue = 1000 if (-not (($core -ge $corevalue) -and ($frequency -ge $frequencyvalue))) { $iscompatible = $false } # tpm $tpm2 = $false if ((get-tpm).manufacturerversionfull20) { $tpm2 = -not (get-tpm).manufacturerversionfull20.contains('not supported') } if ($tpm2 -contains $false) { $iscompatible = $false } # secure boot $secureboot = confirm-securebootuefi if ($secureboot -ne $true) { $iscompatible = $false } # ram available $memory = (get-ciminstance -class cim_computersystem).totalphysicalmemory $setminmemory = 4294967296 if ($memory -lt $setminmemory) { $iscompatible = $false } # storage available $listdisk = get-ciminstance -class win32_logicaldisk | where-object { $_.drivetype -eq '3' } $setminsizelimit = 64gb $diskcompatible = $false foreach ($disk in $listdisk) { if ($disk.freespace -ge $setminsizelimit) { $diskcompatible = $true } } if (-not $diskcompatible) { $iscompatible = $false } # output final result $iscompatible "
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
                      Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                      Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
                      Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
                      Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI1620.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI1620.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI1BDE.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI1BDE.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI1BDE.tmp-\Newtonsoft.Json.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI2E00.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI2E00.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI4A38.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI4A38.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI4A38.tmp-\Newtonsoft.Json.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0513~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIA90D.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIA90D.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIADE0.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIADE0.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIADE0.tmp-\Newtonsoft.Json.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Newtonsoft.Json.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Atera.AgentPackage.Common.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSICD60.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSICD60.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
                      Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct

                      Remote Access Functionality

                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A75A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000036.00000002.3457098976.000001322557C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001F.00000002.3524990505.000001991B981000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3508650457.00000259729CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3383065708.00000203CBD75000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001F.00000002.3524990505.000001991B8AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000036.00000002.3457098976.00000132254D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3405170266.000000A4255E9000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002A.00000003.3271716521.0000000004202000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002E.00000002.4312328885.0000021F60FBE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.2963679654.000001A692981000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002B.00000002.4427503164.000001F359AFD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A7B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A609000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000023.00000003.3296693535.000002B4165E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595AAF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002E.00000002.4374433116.0000021F792D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A756000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A891000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3421825510.00000203E46F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3383065708.00000203CBCE6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A9EF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002B.00000002.3996562467.000001F3410E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002B.00000002.3991728641.000001F340A02000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002B.00000002.3996562467.000001F341188000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.2961473498.000001A69222D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.2961473498.000001A692236000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A61A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2282418773.0000000005174000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000036.00000002.3457098976.0000013225577000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002B.00000002.3995526891.000001F341042000.00000002.00000001.01000000.00000030.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.2962489998.000001A6924D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3383065708.00000203CBD78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000002.2348889319.000001E3000B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3406712089.0000025959603000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002A.00000002.3341027392.0000000004394000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000002.2348889319.000001E3000B4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001F.00000002.3524274975.000001991B890000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000036.00000002.3457098976.00000132255D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3406712089.0000025959558000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002B.00000002.3991533155.000001F3409A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002E.00000000.3343936509.0000021F600B2000.00000002.00000001.01000000.00000027.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.2962298010.000001A692422000.00000002.00000001.01000000.00000018.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000000.2309114545.000001E373162000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000036.00000002.3457098976.000001322555C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002B.00000002.3991728641.000001F3409F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3378950073.00000203CB427000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3415240965.00000203E4555000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001F.00000002.3532491010.000001991C474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A5B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002E.00000002.4312328885.0000021F60AA8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A6FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595AB41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A6CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002B.00000002.4427503164.000001F359A30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A67C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3415989830.00000203E4574000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3382487182.00000203CB6C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A632000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3418631183.00000203E4609000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.2961435509.000001428DDF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000029.00000003.3258750313.0000000004691000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3378950073.00000203CB3DB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.2964285314.000001428EA57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001B.00000002.3383065708.00000203CBBC6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000030.00000003.3351094328.0000000004E54000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000003.2360140161.000000000410F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000023.00000002.3297608269.000002B4166C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001F.00000002.3550578996.00000199349FC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000002E.00000002.4374433116.0000021F792F5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3417755880.0000025959DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000002.2348889319.000001E300001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 2300, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 2872, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 2656, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AteraAgent.exe PID: 6524, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AteraAgent.exe PID: 6816, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 7288, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7748, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7764, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6524, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7280, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AgentPackageUpgradeAgent.exe PID: 3552, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AgentPackageUpgradeAgent.exe PID: 6908, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 2540, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: cscript.exe PID: 2704, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: msiexec.exe PID: 4616, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 3788, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 876, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AgentPackageTicketing.exe PID: 4036, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AgentPackageSTRemote.exe PID: 2996, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 5876, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: taskkill.exe PID: 5252, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: AteraAgent.exe PID: 6876, type: MEMORYSTR
                      Source: Yara matchFile source: C:\Windows\Temp\~DF0E56B4C9B4D5AEE1.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF61D0F85115295E76.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF1C7C7BE48FF98E07.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Config.Msi\5714e6.rbs, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Config.Msi\5714d9.rbs, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF7D49F49320B250FC.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSID725.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF48580194A8049016.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFCE03ACF06BD55AF2.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFAEAC1BCA82979C15.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF54D62876BC82BE22.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF6B007E2D2C2AF200.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSIA90D.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFC89F354E6903A119.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFD9E202C2DFBEEDA8.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFDFCAE420CB6529E7.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFD7E653FE9BB68235.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFCC966EA9A67E3CE2.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFCE6955BA849F6CC3.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFA052C223C555C93C.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF151969AB36BE6A10.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF268D8840D2324F5E.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF1D775BC676569C16.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSIADE0.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSI1BDE.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF1171BC376218CEF5.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250114110501_000_dotnet_runtime_8.0.11_win_x64.msi.log, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF656624A2C6F77EB9.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFDF6262B04F1CB529.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF3EAEF7DCA7CBF50E.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\AteraSetupLog.txt, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250114110501_001_dotnet_hostfxr_8.0.11_win_x64.msi.log, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSI2E00.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF8045D7C2CB158800.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF8E9623454E7B11AA.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250114110501_002_dotnet_host_8.0.11_win_x64.msi.log, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFEEFD8CF3F6EA13B9.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF9A00021C80A2B0D6.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF81F02A1A19365A5F.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Config.Msi\5714de.rbs, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFDA97075FB4A7F65A.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF60DBA4117BE87DFA.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSICD60.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF41669721F6B9F0E5.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSI4A38.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF5FBF141273CD1C8C.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF37A9305ECBF11C13.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSI3256.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSI1620.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFED2D5D06D7D2AAFA.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DFB2089D35B96B574B.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Temp\~DF2D714BC3F8255795.TMP, type: DROPPED
                      Source: Yara matchFile source: C:\Windows\Installer\MSIFDBC.tmp, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | 1 Replication Through Removable Media | 541 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 11 Peripheral Device Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 32 Windows Service | 1 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 11 Scheduled Task/Job | 32 Windows Service | 111 Process Injection | 1 Software Packing | Security Account Manager | 144 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 11 Service Execution | 11 Scheduled Task/Job | 11 Scheduled Task/Job | 1 Timestomp | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 641 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 123 Masquerading | DCSync | 361 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 361 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 111 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Rundll32 | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
[Behavior graph. ID: 1591064; Sample: PropostaOrcamentoPdf.msi; Start date: 14/01/2025; Architecture: WINDOWS; Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| PropostaOrcamentoPdf.msi | 19% | Virustotal | | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 5714df.rbf (copy) | 26% | ReversingLabs | Win32.PUA.Atera | |
| 5714e1.rbf (copy) | 0% | ReversingLabs | | |
| 5714e2.rbf (copy) | 0% | ReversingLabs | | |
| 5714e3.rbf (copy) | 0% | ReversingLabs | | |
| 5714e4.rbf (copy) | 0% | ReversingLabs | | |
| 5714e5.rbf (copy) | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | 26% | ReversingLabs | Win32.PUA.Atera | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.Runtime.InteropServices.RuntimeInformation.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackage.Common.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\CommunityToolkit.WinUI.Notifications.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Interop.WUApiLib.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.ApplicationInsights.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.Primitives.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminderNotification.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.NonGeneric.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.dll | 0% | ReversingLabs | | |
                      No Antivirus matches
                      No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://acontrol.atera.com/ | 0% | Avira URL Cloud | safe | |
| http://schemas.datacontract.org/2004/07/System.ServiceProcess | 0% | Avira URL Cloud | safe | |
| http://www.StorageNode.cdxml | 0% | Avira URL Cloud | safe | |
| http://crl.ssc.lt/root-c/cacrl.crl0 | 0% | Avira URL Cloud | safe | |
| https://agent-api.P | 0% | Avira URL Cloud | safe | |
| https://ps.pndsn | 0% | Avira URL Cloud | safe | |
| http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0 | 0% | Avira URL Cloud | safe | |
                      No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
                                                                                                                        high
                                                                                                                        https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/30.3/AgentPackageTicketing.zip?bjmegWCAteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.symauth.com/rpa00stvideo.dll.2.dr, XDColMan.dll.2.drfalse
                                                                                                                            high
                                                                                                                            https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zipAteraAgent.exe, 0000000E.00000002.3417755880.000002595A7BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A03B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000001D.00000002.3144833957.00000193CE52B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=57218642-85f1-4d2f-9711-6ff3af9772c8AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://api.nuget.orgAgentPackageTicketing.exe, 0000002B.00000002.3996562467.000001F34146F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEOSUPDATES/30.3/AGENTPACKAGEOSUPDATES.ZIPAteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.AteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959ED3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=35e7852f-4d41-4287-9f34-868a2ca4e355AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://my.splashtop.comAgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60B61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackageAgentIAteraAgent.exe, 0000000E.00000002.3417755880.0000025959EC3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959EBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGETICKETING/30.3/AGENTPACKAGETICKETING.ZIPAteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=749c97d9-f428-4102-9808-eac945968cf1AteraAgent.exe, 0000000E.00000002.3417755880.000002595A772000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://agent-api.atera.com/Production/Agent/recurringCommandResultAgentPackageAgentInformation.exe, 0000001B.00000002.3383065708.00000203CBCE6000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3383065708.00000203CBD78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://api.nuget.orgAgentPackageTicketing.exe, 0000002B.00000002.3996562467.000001F34115A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageTicketing.exe, 0000002B.00000002.3996562467.000001F341385000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/374ce1d0AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.com/dotnet/runtimeSystem.Security.Cryptography.OpenSsl.dll.2.dr, System.Security.AccessControl.dll.2.dr, System.Data.DataSetExtensions.dll.2.dr, System.Reflection.Primitives.dll.2.dr, System.Xml.XmlSerializer.dll.2.dr, System.Runtime.Serialization.Json.dll.2.dr, System.IO.UnmanagedMemoryStream.dll.2.dr, System.Reflection.TypeExtensions.dll.2.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zipAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A03B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://aka.ms/dotnet-warnings/System.Security.AccessControl.dll.2.drfalse
                                                                                                                                                              high
                                                                                                                                                              http://crl.thawte.com/ThawteTimestampingCA.crl0stvideo.dll.2.dr, hidkmdf.sys.2.dr, XDColMan.dll.2.dr, stgamepad.sys0.2.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exeAgentPackageSTRemote.exe, 0000002E.00000002.4312328885.0000021F60B61000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002E.00000000.3343936509.0000021F600B2000.00000002.00000001.01000000.00000027.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zipAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959ED3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://agent-api.atera.com/Production/Agent/CommandResultRecurring/AgentPackageTicketingInstallHelpAgentPackageTicketing.exe, 0000002B.00000002.3996562467.000001F3410E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://agent-api.PAgentPackageAgentInformation.exe, 0000001B.00000002.3383065708.00000203CBDA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      http://www.w3.oAteraAgent.exe, 0000000D.00000002.2348889319.000001E3000BA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000036.00000002.3457098976.000001322557C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://dc.services.visualstudio.com/Jhttps://rt.services.visualstudio.com/Fhttps://profiler.monitorMicrosoft.ApplicationInsights.dll.14.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=5df7da6c-991d-4e94-9353-18a62c793493AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://github.com/JamesNK/Newtonsoft.Jsonrundll32.exe, 00000004.00000003.2233604866.000000000434E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2240536659.0000000004FC9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2290414997.00000000041AE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3506223685.00000259726C0000.00000002.00000001.01000000.0000002D.sdmp, rundll32.exe, 00000012.00000003.2360140161.0000000004140000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2962840526.000001428E772000.00000002.00000001.01000000.00000019.sdmp, AgentPackageUpgradeAgent.exe, 00000021.00000002.3384490162.000002A4E2DA2000.00000002.00000001.01000000.0000002B.sdmp, rundll32.exe, 00000029.00000003.3258750313.00000000046C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002A.00000003.3271716521.0000000004233000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000030.00000003.3351094328.0000000004E85000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll1.14.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://ps.atera.com/agentpackagesmac/AgentPackageSystemTools/27.12/AgentPackageSystemTools.zipAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zipAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959F9B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A03B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://ps.atera.com/agentpackageswin/AgentPackageMarketplace/13.0/AgentPackageMarketplace.zipAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://aka.ms/winsvr-2022-pshelpXpowershell.exe, 0000001D.00000002.3144833957.00000193CF183000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.3144833957.00000193CFC9C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.3144833957.00000193CFCC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://ps.pndsnAteraAgent.exe, 0000000E.00000002.3417755880.000002595A992000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A83B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A889000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A944000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A772000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A9EF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A632000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://www.sqlite.org/copyright.html2SQLite.Interop.dll.14.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=73c42b57-e326-4df7-8746-be7c8e77a131AteraAgent.exe, 0000000E.00000002.3417755880.000002595A944000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://profiler.monitor.azure.com/lMicrosoft.ApplicationInsights.dll.14.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://ps.atera.com/translations/TicketingTray/AgentPackageTicketing.exe, 0000002B.00000002.3995526891.000001F341042000.00000002.00000001.01000000.00000030.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0AteraAgent.exe, 0000000E.00000002.3515611035.0000025972E8F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.zAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://ps.atera.com/agentpackagesmac/AgentPackageUpgradeAgent/27.6/AgentPackageUpgradeAgent.zipAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://ps.atera.com/agentpackageswin/AgentPackageMonitoring/22.0/AgentPackageMonitoring.zipAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://snapshot.monitor.azure.com/&Microsoft.ApplicationInsights.dll.14.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://ps.atera.com/agentpackagesmac/AgentPackageInternalPoller/13.0/AgentPackageInternalPoller.zipAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=682c702a-02e6-4511-9748-6f3efa6b70e9AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://www.microsoft.copowershell.exe, 0000001D.00000002.3194267968.00000193E6630000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/26.7/AgentPackageProgramManageAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.0000025959FC8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A346000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://ps.atera.com/agentpackagesmac/AgentPackageADRemote/6.0/AgentPackageADRemote.zipAteraAgent.exe, 0000000E.00000002.3417755880.000002595A905000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1591064
Start date and time: 2025-01-14 17:00:44 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 73
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PropostaOrcamentoPdf.msi
Detection: MAL
Classification: mal100.troj.spyw.evad.winMSI@93/975@0/11
                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                • Found application associated with file extension: .msi
                                                                                                                                                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                • Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
11:01:50 | API Interceptor | 3x Sleep call for process: rundll32.exe modified
11:01:55 | API Interceptor | 800699x Sleep call for process: AteraAgent.exe modified
11:02:58 | API Interceptor | 36x Sleep call for process: AgentPackageAgentInformation.exe modified
11:03:13 | API Interceptor | 29x Sleep call for process: powershell.exe modified
11:03:37 | API Interceptor | 1629x Sleep call for process: AgentPackageTicketing.exe modified
11:03:40 | API Interceptor | 53533x Sleep call for process: AgentPackageSTRemote.exe modified
11:03:53 | API Interceptor | 7x Sleep call for process: AgentPackageUpgradeAgent.exe modified
17:03:23 | Task Scheduler | Run new task: Monitoring Recovery path: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe s>schedulerrun
17:05:04 | Autostart | Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {e883dae5-a63d-4a45-afb9-257f64d5a59b} "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                40.119.152.241PDF-523.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                  APLICATIVO-WINDOWS-NOTA-FISCAL.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                    6CWcISKhf1.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                      setup.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                        Documento_Contrato_Seguro_18951492.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                          Documento_Contrato_Seguro_25105476.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                            Documento_Contrato_Seguro_63452319.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                              Documento_Contrato_Seguro_44600862.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                setup.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                  Atualizador_Fiscal_NFe_37882912.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                    13.35.58.89APLICATIVO-WINDOWS-NOTA-FISCAL.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                      IwmwOaVHnd.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                        Atualizador_Fiscal_NFe.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                          SecuriteInfo.com.Program.RemoteAdminNET.1.4447.28224.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                            Arquivo_4593167.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                              ALVARA-072.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                TRABALHO----PROCESSO0014S55-S440000000S1.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                  SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                    35.157.63.2281nzNNooNMS.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                      Le55bnMCON.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                        z8yxMFhhZI.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          gaYiWz75kv.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                            Atualizador_Fiscal_NFe.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                              LaudoBombeirosPDF.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                Arquivo_4593167.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                  9rSeCZbjZE.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                    SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                      SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                        No context
No context
Match | Associated Sample Name / URL | Detection | Threat Name
5714df.rbf (copy) | PDF-523.msi | malicious | AteraAgent
5714df.rbf (copy) | APLICATIVO-WINDOWS-NOTA-FISCAL.msi | malicious | AteraAgent
5714df.rbf (copy) | 6CWcISKhf1.msi | malicious | AteraAgent
5714df.rbf (copy) | setup.msi | malicious | AteraAgent
5714df.rbf (copy) | Documento_Contrato_Seguro_18951492.msi | malicious | AteraAgent
5714df.rbf (copy) | Documento_Contrato_Seguro_25105476.msi | malicious | AteraAgent
5714df.rbf (copy) | Documento_Contrato_Seguro_63452319.msi | malicious | AteraAgent
5714df.rbf (copy) | Documento_Contrato_Seguro_44600862.msi | malicious | AteraAgent
5714df.rbf (copy) | setup.msi | malicious | AteraAgent
5714df.rbf (copy) | RQ--029.msi | malicious | AteraAgent
Process: C:\Windows\System32\msiexec.exe
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 145968
Entropy (8bit): 5.874150428357998
Encrypted: false
SSDEEP: 3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
MD5: 477293F80461713D51A98A24023D45E8
SHA1: E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
SHA-256: A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
SHA-512: 23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 26%
Joe Sandbox View:
• Filename: PDF-523.msi, Detection: malicious
• Filename: APLICATIVO-WINDOWS-NOTA-FISCAL.msi, Detection: malicious
• Filename: 6CWcISKhf1.msi, Detection: malicious
• Filename: setup.msi, Detection: malicious
• Filename: Documento_Contrato_Seguro_18951492.msi, Detection: malicious
• Filename: Documento_Contrato_Seguro_25105476.msi, Detection: malicious
• Filename: Documento_Contrato_Seguro_63452319.msi, Detection: malicious
• Filename: Documento_Contrato_Seguro_44600862.msi, Detection: malicious
• Filename: setup.msi, Detection: malicious
• Filename: RQ--029.msi, Detection: malicious
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1442
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                                                                            MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                                                                            SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                                                                            SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                                                                            SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):215088
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                                                                            MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                                                                            SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                                                                            SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                                                                            SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710192
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                                                                            MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                                                                            SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                                                                            SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                                                                            SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):602672
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                                                                            MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                                                                            SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                                                                            SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                                                                            SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):73264
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                                                                            MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                                                                            SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                                                                            SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                                                                            SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3318832
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                                                                            MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                                                                            SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                                                                            SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                                                                            SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8845
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.654624504903524
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:vjWxz1ccbTOOeMeCT6107r6IHf07r6kAVv70HVotBVeZEmzmYpLAV77wOpY95r:vqD23gpgtiB2iI
                                                                                                                                                                                                                                                                                            MD5:9FDCE6FE6B228D4DB4334FC97E2B24D4
                                                                                                                                                                                                                                                                                            SHA1:0BB4FAA7C43C2108B9BF35C983F5CF0E26C322A1
                                                                                                                                                                                                                                                                                            SHA-256:8EC843A63EE1F69B02CFB1650DBFC64313F64CB421135D6E168A81D76AD485D2
                                                                                                                                                                                                                                                                                            SHA-512:C5D918D655810D0B31C37F2A35069BDD143C5A72C53094ABC9EE3F46F2D9E44E9F572BF5BDC24CD37F6E728E9D60BDD80AC0C5493C3B294DD464FE33A32203A2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\5714d9.rbs, Author: Joe Security
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@;X.Z.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..PropostaOrcamentoPdf.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{38
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9511
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.55695776297551
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:5jWGpcR8bLCsgRrbLCMDp17qEVl0H6LALtyD0qagukGGhaKfmbHt1fSPVAksrEcZ:5qLRCgRTdZKKT+BT
                                                                                                                                                                                                                                                                                            MD5:DB50A4318DFA3AEACBF955A7A5FD7D78
                                                                                                                                                                                                                                                                                            SHA1:05A5C89819EC76CF5B69029420CBA1B7077EE439
                                                                                                                                                                                                                                                                                            SHA-256:2B2017D2299D52531D9A392E2E35311E4871940A5E7FC93BDF2B7239A0F098DF
                                                                                                                                                                                                                                                                                            SHA-512:A33411BB160D492031B26D5A7C12D518D930156B742458BC6E105234AAB2B0ECE912F89AE5397B39BF39A6141ABBA09ACA4B3D945D8C9266C04799B679A221E3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\5714de.rbs, Author: Joe Security
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@uX.Z.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..PropostaOrcamentoPdf.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....InstallInitialize$..@....z.Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D0A237E2F2A7564CA141B792446E854\Transforms...@....(.$..@....@.Software\Microsoft\Windows\CurrentVersion\Installer\TempPackages...@....(.&...C:\Windows\Installer\5714da.msi..#0$..@......Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D0A237E2F2A7564CA141B792446E854\InstallPropertiesx.....\...l.............H.........?...................9...................?........... ... ........... ... ................@....%...AuthorizedCDFPrefix%...Comments%...Contact%...DisplayVersion..1.8.7.2%...HelpLi
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8767
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.652900390820423
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:6y7wo+fncHMeO1G6ITG6k7s5VNpkxYpLso:6Po+fncHSGVGtSNpkcP
                                                                                                                                                                                                                                                                                            MD5:62C5DA5DF9982296B45CBBA359EADB77
                                                                                                                                                                                                                                                                                            SHA1:A109645D82028A7840316B46631990337352A4AE
                                                                                                                                                                                                                                                                                            SHA-256:95F06C033EE7A12C7F9D83DF1406C4B68E3547204E65A8CD224F896D9C6E2EB9
                                                                                                                                                                                                                                                                                            SHA-512:F3DF82369EECC236095BC2632C43578AE212069C5D3EA83505A18C832B535A65D5FC0C062937839894FA254628DF6C9A66FF022B9997BF5BFA045A1F05C063AE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\5714e6.rbs, Author: Joe Security
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@yX.Z.@.....@.....@.....@.....@.....@......&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}..AteraAgent..ateraAgentSetup64_1_8_7_2.msi.@.....@.....@.....@........&.{911E9E2F-B38D-4D02-A148-5E49FC9D8943}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):76037
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.733432353714996
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:sPXeqjCyEgH2bQzxW5wM/wt/JBQKwHhrRUL2l+Jq4599oefeIubJZrQ1vMF8EkdJ:pSZ
                                                                                                                                                                                                                                                                                            MD5:AEC0168EF1B84D5E5ABC3FA8D4265C37
                                                                                                                                                                                                                                                                                            SHA1:FB633CD289780C19DB602185091D29B724C22CB9
                                                                                                                                                                                                                                                                                            SHA-256:88870BC5FB0EBECEDD5D974ECE5EA26F446D4B39B4723351D416D161B6BEB15C
                                                                                                                                                                                                                                                                                            SHA-512:CF8A4546301CDA85D72F52CC179C62B1C498D7EA8539FE7D91B276B23BD52D913E8E353BA6D6B705B1186B3F912AFFD69620FC80C1DB920B5C9BE593C21B079F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.X.Z.@.....@.....@.....@.....@.....@......&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}..Splashtop Streamer..setup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{1FFB34B4-02B4-4EEE-ACA4-24941A8EDEE5}.....@.....@.....@.....@.......@.....@.....@.......@......Splashtop Streamer......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{3D8827C3-3F73-4AD7-9420-7CA93653C8F2}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{61B538AB-B209-C01B-F95C-B0A0531054D2}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{3742F778-8BAC-9729-A5BE-712DA9BEB95A}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{ADBB7064-411F-E593-D901-EACB3BA8154E}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{06653204-4010-8C69-AD0A-982273468010}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{76FB8673-364C-25A7-DEC2-3C43D0343A02}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{944490A2-222A-67EA-5532-3CEF12
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):464
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.213004740233014
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:Ea3LM2e/YeVugrUucQBak5cSvpL7lgYKq9uSgmll/Vnpm/nsuRYaRsjXwpoh7LW:EgCBjUcBn97lghq5j//a/fNl+9W
                                                                                                                                                                                                                                                                                            MD5:8643527A797E57DC40747624A441C77F
                                                                                                                                                                                                                                                                                            SHA1:C84DFC30CDA861DF6818B60612F7C24CAE96FEE9
                                                                                                                                                                                                                                                                                            SHA-256:C305E6ABCA50072FC154553B46D1392911BB6760FAAFBE351042173395BD5EE1
                                                                                                                                                                                                                                                                                            SHA-512:6F2EB67851FD8A9BC58E110297CEA32E2C341FF6F1EC55EF5D19F7482F6E883952195567021589C54FB6A69FED66AA14B5042E751CF820A8BECE28E1803D3797
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.X.Z.@.....@.....@.....@.....@.....@......&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}..Splashtop Streamer..setup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{1FFB34B4-02B4-4EEE-ACA4-24941A8EDEE5}.....@.....@.....@.....@.......@.....@.....@.......@......Splashtop Streamer......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....Util_UpdateSetting....Util_InstSrvAndDrv....Util_InstDone...@.....@.....@....
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):49141
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876711724716824
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:UqoFVHvMRzGFKzt5uIRx5HKjKRrhSp6qf9nEtkP5CqTBDE8COm2rBzaDW3qgbomr:PoFVHvMRzGFqt5uIRx5HKjKRrhSp6qfD
                                                                                                                                                                                                                                                                                            MD5:AD77D804964920E490D64069E0C1150C
                                                                                                                                                                                                                                                                                            SHA1:12E36207CC3AAB472F3A477EAD61BD77EAF4A57D
                                                                                                                                                                                                                                                                                            SHA-256:76943AE9243860B558E71DC3DB90ED70546B41DB51FDDEC9187AD4B88E87040C
                                                                                                                                                                                                                                                                                            SHA-512:5E6D84DA33C08C427671AD9B34A93EB0E362FB4935D1118879F454A19EEC74A828CF20AD9F22BBB297B7D703A002F9369EE085E1B6A99CF5AB0578A23E50E544
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.X.Z.@.....@.....@.....@.....@.....@......&.{9C80213E-9079-4561-8D57-1FDD0D62251F}%.Microsoft .NET Runtime - 8.0.11 (x64)!.dotnet-runtime-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{D9788553-CDFF-4792-87FA-89ADA20ADBA7}.....@.....@.....@.....@.......@.....@.....@.......@....%.Microsoft .NET Runtime - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{F81D99A3-0880-5654-AED5-B1AA39FA6285}&.{9C80213E-9079-4561-8D57-1FDD0D62251F}.@......&.{E6B3315F-85DE-56F4-AA3E-2A4820293382}&.{9C80213E-9079-4561-8D57-1FDD0D62251F}.@......&.{115BDECA-5A1C-5E3D-8EC7-4C45804415E5}&.{9C80213E-9079-4561-8D57-1FDD0D62251F}.@......&.{605499FF-1868-5A10-9952-9F413E0E17EA}&.{9C80213E-9079-4561-8D57-1FDD0D62251F}.@......&.{2869C3B1-74C6-50FA-8ED4-D408ADA4C59E}&.{9C80213E-9079-4561-8D57-1FDD0D62251F}.@......&.{EC639FA4-5778-5619-B7EC-C5FA45025FC1}&.{9C80213E-9079-4561-8D57-1FDD0D6225
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9055
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.578715548207556
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:bO7cgkoKThpeEZWO6ZEIdLWO6ZEQmdEE2gU/Veppaxk:bdVw9wn/e
                                                                                                                                                                                                                                                                                            MD5:30A84CB44A31BF060FEBF65048EF4680
                                                                                                                                                                                                                                                                                            SHA1:5CFB08881E99B245AC90029B0F8CDE995F9B5760
                                                                                                                                                                                                                                                                                            SHA-256:9C9C4213CDF5581C073DF2B651AE1840A2717875DC3BE5EFD5DFD29CA8AD8AF6
                                                                                                                                                                                                                                                                                            SHA-512:57DEC0CF300737626205351CE09BC674CE5908EE631AEFC2BADBC1054F734D492931FACC70EE477749FC3E7B8846D436EEB73035B0AECDC639DC672A89DF962A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.X.Z.@.....@.....@.....@.....@.....@......&.{F59C11F0-D73F-452B-8D1D-8C33B82D8507}..Microsoft .NET Host FX Resolver - 8.0.11 (x64)!.dotnet-hostfxr-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{EBC96263-55B4-4BCE-B9C8-B460A20F0BE4}.....@.....@.....@.....@.......@.....@.....@.......@......Microsoft .NET Host FX Resolver - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{4FD6DFC4-5859-531B-9E4A-DE2781CCA754}&.{F59C11F0-D73F-452B-8D1D-8C33B82D8507}.@......&.{88F54D57-4C26-5E97-B6AB-FB77E26C265C}&.{F59C11F0-D73F-452B-8D1D-8C33B82D8507}.@......&.{8EC524B8-7864-5ACE-B320-2D36216EBC12}&.{F59C11F0-D73F-452B-8D1D-8C33B82D8507}.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..(.C:\Program Files\dotnet\host\fxr\8.0.11\....3.C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dll....WriteRegistryValues..Writing system registry values..Key:
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10267
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.63929320531285
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:svoazP8lwgseZQnZ4kEIf4kE8ZLQ1YEsLdAswXpYUt6ep/n7UTZclqP:svoazP6JQZ4kP4kTZLMMxXwXpYUttn74
                                                                                                                                                                                                                                                                                            MD5:36E4A8DE10B4116FC4EED536AD7EA321
                                                                                                                                                                                                                                                                                            SHA1:C2BDB9F7A21CB24A180BDFB9FF4279399D76BD4A
                                                                                                                                                                                                                                                                                            SHA-256:3C79CDBBF300DF302E9F51EE49F0A746312A023E493A52DC77E49B1247B5397C
                                                                                                                                                                                                                                                                                            SHA-512:5A1EEAA7A3942F4A935049E29A202D1F50A4D334398D79BC8527FA5883278B12DFDD73724E92A9878FC9CC401ACAA9A29E8EA27405997ECDFD2B180FBE8C96FF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.X.Z.@.....@.....@.....@.....@.....@......&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}".Microsoft .NET Host - 8.0.11 (x64)..dotnet-host-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{821DC2A6-AEB1-4796-80C6-7F7EC027B94F}.....@.....@.....@.....@.......@.....@.....@.......@....".Microsoft .NET Host - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{7ECCA0D4-8C88-50DD-A538-CDC29B9350D1}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@......&.{45399BBB-DDA5-4386-A2E9-618FB3C54A18}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@......&.{EA9C3F98-F9B1-5212-8980-CFEAF2B15E0D}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@......&.{E4E008C8-57A8-5040-BB34-03024B15B6C5}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@......&.{CE35924C-AD31-51DF-B84A-A8052ED08400}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@......&.{A61CBE5B-1282-4F29-90AD-63597AA2372E}&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}.@....
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1213
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.851494694474147
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhM3VhjwLUVhzVhM3VhmxD6JSrdpW:JXzXOXTHIKKKOXzXOXnXzXOXmt6srdpW
                                                                                                                                                                                                                                                                                            MD5:3840B31C383FDF49BFD6740D945C9032
                                                                                                                                                                                                                                                                                            SHA1:A6F50164A69718BCEF4664D7C47534F0D721866A
                                                                                                                                                                                                                                                                                            SHA-256:1F119F4FDA8028B420E70EE1637C65E2B4198B41EB3EB44D911AFA6F1A0BBC64
                                                                                                                                                                                                                                                                                            SHA-512:F5315421D4BC5F08FEF4E1449E5799DDF311F08EDA317A9EAAD8C88C2E7B7C26182BD586C0221FFE5F4112E5D6E05F5D45D2D0382B0ED51CA25AA94D4D95A84D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                            Preview:.Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Uninstalling assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7466
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                                                                            MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                                                                            SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                                                                            SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                                                                            SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):145968
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                                                                                                                                                                                                                            MD5:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                            SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                                                                                                                                                                                                                            SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                                                                                                                                                                                                                            SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1442
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                                                                            MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                                                                            SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                                                                            SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                                                                            SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3318832
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                                                                            MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                                                                            SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                                                                            SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                                                                            SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):215088
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                                                                            MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                                                                            SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                                                                            SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                                                                            SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710192
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                                                                            MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                                                                            SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                                                                            SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                                                                            SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):48475
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996046636093994
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:768:4LhGRaCVI8bUbmvUCCLIAfdRDHnllOVzXVgB/ZZcIWEhbzwjbiUnC5di:4LhQV3UbmCLB1vlOV2gIWcb8jW0Ui
                                                                                                                                                                                                                                                                                            MD5:E43898014A65F1C38641EF8910F46802
                                                                                                                                                                                                                                                                                            SHA1:550E81A451F488B6CC04E216AE3870BFE312B8C9
                                                                                                                                                                                                                                                                                            SHA-256:45F44631CF21620580EAAA6317FEFFD65C2775E63D1F37275477DB473B077F74
                                                                                                                                                                                                                                                                                            SHA-512:642A3DDAF5C5855942AE73EB0CFEF3C1E09383BB920A61BB9A06B9DB14B27B7BA1344A59FCC706B75451BD22A74EC6AA85E6861C72B749BA546FDD6DE94A28D2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):384561
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999363646163921
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:Dyg677hm03WpEpp2/8LWX+Kh9o3zYerEz7MLHIqbsauawNMGRSManfY+bcQ/lqNl:Dyf7hm03Ls/OWVh9oMaEz76zwfEHY+lM
                                                                                                                                                                                                                                                                                            MD5:698975AE4AB57FED99CC170DAB8A3E36
                                                                                                                                                                                                                                                                                            SHA1:04B0067BF8584F9D41EF156F75FE28982BFB1286
                                                                                                                                                                                                                                                                                            SHA-256:20FFBCF807587C9A0B13C46406B52927BF0A9965EFE12DB25FCB729E6F1CE7B7
                                                                                                                                                                                                                                                                                            SHA-512:172E65C7657D1FE250AEAF422230C104D03F16356AA32D7B1077ABDD558B69AC4F4F434FA551117AF1CF6FDB74364237E50EF693B2F4201C8475439B6DE77AA6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):186408
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7421661476686365
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:QPF+XpxWhiIx4oCIXLGRlsZuPfzh554bD0CJd4bDgoVBLv:UM5ohiQ4DIXLG3sZuaD0dDN
                                                                                                                                                                                                                                                                                            MD5:9D8D50D2789C2A8D847D7953518A96F6
                                                                                                                                                                                                                                                                                            SHA1:42621852B40F3F068DA5494C9879F846B4869399
                                                                                                                                                                                                                                                                                            SHA-256:76AEFE9205BCE78D4533500E6839E892B7D80EDC39ABCD30CA67952925302B29
                                                                                                                                                                                                                                                                                            SHA-512:91EA7152762F00FDFBC6CB8D5D15C2E07BC298AF8958406B0B0FB652EE3D4A4DA9D79CA7DDE47DC7700285B20CBA089F35745C2B3B84B9DC0D258BD9BDC89F56
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):546
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.048902065665432
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:MMHdG3VSQg9LNFF7ap+5v5OXrRf/2//FicYo4xm:JdASPF7NhOXrRH2/d9r
                                                                                                                                                                                                                                                                                            MD5:158FB7D9323C6CE69D4FCE11486A40A1
                                                                                                                                                                                                                                                                                            SHA1:29AB26F5728F6BA6F0E5636BF47149BD9851F532
                                                                                                                                                                                                                                                                                            SHA-256:5E38EF232F42F9B0474F8CE937A478200F7A8926B90E45CB375FFDA339EC3C21
                                                                                                                                                                                                                                                                                            SHA-512:7EEFCC5E65AB4110655E71BC282587E88242C15292D9C670885F0DAAE30FA19A4B059390EB8E934607B8B14105E3E25D7C5C1B926B6F93BDD40CBD284AAA3CEB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>...<supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.418295834054489
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:WhWTn:WKn
                                                                                                                                                                                                                                                                                            MD5:3FA173E4E1E00396A06E409935A1E7F9
                                                                                                                                                                                                                                                                                            SHA1:089B85E04C266EDD6DBB678EE91DA656B19674B3
                                                                                                                                                                                                                                                                                            SHA-256:297A53DB6DA22AA3EE4CE849C9952F08BB7296303A170C9DDC7ACEDE10B64C25
                                                                                                                                                                                                                                                                                            SHA-512:D0C34B51E5599C01EDF4CA6ACC89186BCEA5B97A598C4F120B3063C171B9A1668BA5FF87014565360471973B30733A5521783FA3446BF376332AAD23A4325D26
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:version=38.8
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):96808
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.18015175056516
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:EJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvO1762C:EQUm2H5KTfOLgxFJjE50vksVUfPvO14
                                                                                                                                                                                                                                                                                            MD5:93D5E2AAFBE16CADA057BF880002B2F7
                                                                                                                                                                                                                                                                                            SHA1:095832AFB05852D692BD40D5F77EBBDD339BC545
                                                                                                                                                                                                                                                                                            SHA-256:83333CE938E943AC54EA0428722D8F9D64D2BE993502CD0E95B39E2D78956484
                                                                                                                                                                                                                                                                                            SHA-512:2E2391C315FD173634F262011A25C9E397BC8A1DAC8E86A039F52FF733534F57F2E00ADC995900823448A45933864E814E89549F41271FC9D7EFFD116BBF3854
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):704552
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.9539626583477325
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:79BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3S:78m657w6ZBLmkitKqBCjC0PDgM5i
                                                                                                                                                                                                                                                                                            MD5:50E3F5A0E04CBD99D4BE8CFE914C7BBE
                                                                                                                                                                                                                                                                                            SHA1:19D99AE964F490E055942D516C60DFDEDC585825
                                                                                                                                                                                                                                                                                            SHA-256:89ED8CBC24723D67AC7E47D0D018EA293F15FC210D9B3E26DC555F464E9B15CD
                                                                                                                                                                                                                                                                                            SHA-512:2F67DBB41631B6134414D1685815DAEA7F38120D88F83CB8F83763CF18B1F6AA2B9A5A7EAEF816EB8A24998536556128C15128B4E301B765C859A9741D69BA25
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.640070069415159
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:hsShKF4MsShLP6SX9NfzyShaKf0ONGShaKf0Od:m4qBX9Nf1vd
                                                                                                                                                                                                                                                                                            MD5:DC4D81ACBCF739072BAA318DA4D76367
                                                                                                                                                                                                                                                                                            SHA1:20D118E031CB4006A3854AE84B8F4B29354B49EB
                                                                                                                                                                                                                                                                                            SHA-256:546EFD323DDE179E65D8B5EC44271410064CD14C54AA00EA333991D013F44569
                                                                                                                                                                                                                                                                                            SHA-512:E9BCA9A4F211BB645A69260A2F785A8B2F8CB66ADAB3B34F32951876ECA6C2D5EE9DD97E7712AEACF928AB35B2220ACCF3BC34F10D2C442362833378CF179093
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:......................TAgentPackageAgentInformation, Version=38.8.0.0, Culture=neutral, PublicKeyToken=null.....6AgentPackageAgentInformation.Cache.CachedDynamicFields.....<DynamicFields>k__BackingField.<Timestamp>k__BackingField..JAgentPackageAgentInformation.Api.Information.CustomField.DynamicFieldDto[]..............8>...4.H...............HAgentPackageAgentInformation.Api.Information.CustomField.DynamicFieldDto................................................................................................
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):35
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.01158543183743
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:qTi2aiGnmXwLs:qTiVBs
                                                                                                                                                                                                                                                                                            MD5:98F1FBE3AD58F4B36BC1A894799C5891
                                                                                                                                                                                                                                                                                            SHA1:2EFC4D4B631F4EACFA85A3AABBB123981683DA7C
                                                                                                                                                                                                                                                                                            SHA-256:7A9487EEA770B58F375C7FA878849A5CA0D791480E236DD0AACED91879D72082
                                                                                                                                                                                                                                                                                            SHA-512:92D10748ABE8CFEAB0983140A12B82C637B1829295005A606A8DF1F6D2AD9C877EE10CDFC7166698D7735F5F6FB7421E52EDDF8F6BCF99315E228719E19355D6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.5FA6C1D6007F0938968B9B9226E41798
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):35
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.9572958738405695
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Vd74mVrmbgw4T:VuErmbq
                                                                                                                                                                                                                                                                                            MD5:CE26DE4A8BA5C882FBB9FBC03E168ED8
                                                                                                                                                                                                                                                                                            SHA1:75AEBC41164E5FAD93702F8A172EEC25BD2E1E4F
                                                                                                                                                                                                                                                                                            SHA-256:412D2E6E456C17A107CDA64B35297B6CB28D8FF5C47A0119F21FCB4E35F7E42C
                                                                                                                                                                                                                                                                                            SHA-512:776422590C3D198D49FAC60A45293F93FB7394D989355AA5910ABA3D27AE6F56A6719EDBA1AD5836ACCEA34298E1133C8FE9D8284B6309AEA870D439213908F1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.D12A1ADC629C3708FB923F7EC8E16296
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):833993
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999644881255343
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:peRqTiLR3omp/AAzr5nxL2CP+sZ4tgMfQo:p8nLR4WYA72CPPoKo
                                                                                                                                                                                                                                                                                            MD5:9B1F97A41BFB95F148868B49460D9D04
                                                                                                                                                                                                                                                                                            SHA1:768031D5E877E347A249DFDEAB7C725DF941324B
                                                                                                                                                                                                                                                                                            SHA-256:09491858D849212847E4718D6CC8F2B1BC3CAA671CEB165CF522290B960262E4
                                                                                                                                                                                                                                                                                            SHA-512:9C8929A78CB459F519ACE48DB494D710EFD588A19A7DBEA84F46D02563CC9615DB8AA78A020F08ECA6FA2B99473D15C8192A513B4DF8073AEF595040D8962AE4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):219696
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.943430076853408
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:It3Mf3ZwYUPEpbPwygJQetg0+BpU3I0toxhGf:2MfJPpjYN8hI
                                                                                                                                                                                                                                                                                            MD5:01807774F043028EC29982A62FA75941
                                                                                                                                                                                                                                                                                            SHA1:AFC25CF6A7A90F908C0A77F2519744F75B3140D4
                                                                                                                                                                                                                                                                                            SHA-256:9D4727352BF6D1CCA9CBA16953EBD1BE360B9DF570FD7BA022172780179C251E
                                                                                                                                                                                                                                                                                            SHA-512:33BD2B21DB275DC8411DA6A1C78EFFA6F43B34AFD2F57959E2931AA966EDEA46C78D7B11729955879889CBE8B81A8E3FB9D3F7E4988E3B7F309CBD1037E0DC02
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):541
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.097123194334321
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:MMHdGp2VvOF9LNFF7ap+5v5OXrRf/2//FicYo4xT:JdsIOvPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                                                                            MD5:D0EFB0A6D260DBE5D8C91D94B77D7ACD
                                                                                                                                                                                                                                                                                            SHA1:E33A8C642D2A4B3AF77E0C79671EAB5200A45613
                                                                                                                                                                                                                                                                                            SHA-256:7D38534766A52326A04972A47CACA9C05E95169725D59AB4A995F8A498678102
                                                                                                                                                                                                                                                                                            SHA-512:A3F1CFF570201B8944780CF475B58969332C6AF9BEA0A6231E59443B05FC96DF06A005FF05F78954DBE2FEC42DA207F6D26025AA558D0A30A36F0DF23A44A35C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:WhXWp:WBc
                                                                                                                                                                                                                                                                                            MD5:DFDD2EB77BBB74518BAD98519A857D41
                                                                                                                                                                                                                                                                                            SHA1:5F4F91D73EA620CDF0E5AC458E80B71412B1BB9F
                                                                                                                                                                                                                                                                                            SHA-256:7655078305CC5B4F62569EF9868E1B04FCC491D33FDAD1F8E4610C038BCBAC8D
                                                                                                                                                                                                                                                                                            SHA-512:481CDA97C03294EBAB036F99727828983C8D0E4C137AF05FDEA7FD296D11378904BACCE2D58D44F932A0BF7F2A30A9B44F4CBC05E253F132B1EF641F648C8DF0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:version=23.8
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):52272
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.300719339270839
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:5i8fXCGsSVh/2ixXxKFArYCJdshn9xvlOaEpYinAMxCuMr:5FaM2gS1y2F9Ob7HxCr
                                                                                                                                                                                                                                                                                            MD5:9467F653980C1C37E4C64811BA27C976
                                                                                                                                                                                                                                                                                            SHA1:68130FABBB50EAF5CFE2C355BA13B303DD373FB6
                                                                                                                                                                                                                                                                                            SHA-256:821847799A2B7B3A6EC20BA61388AC87707D9C6865BD904A44DE5B033BD2EF29
                                                                                                                                                                                                                                                                                            SHA-512:E72B7802256053589D889B2B7E74A2B53F328289A12CC0D4930D66410D00585C67B2C434512473CD2E74C8F2CB7685C2C34FCFC3DBA4A52399532CEB04153597
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):96816
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1801131806578455
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:hJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvC7Hxwx:hQUm2H5KTfOLgxFJjE50vksVUfPvCI
                                                                                                                                                                                                                                                                                            MD5:F1B2303DD7E152BA70F3537EDB2E9638
                                                                                                                                                                                                                                                                                            SHA1:7E359D4B9011449DABB7F8236F14851A346B5028
                                                                                                                                                                                                                                                                                            SHA-256:8EE8B304339B6F87E79B117F605375AFFFCBABA290A1B41BB6B3C1A40E46767C
                                                                                                                                                                                                                                                                                            SHA-512:A4DD48F1AFF528DADF9974ADA1740CE785823FB584F55191D008158FCFB11F9ADAD8EFF992B8FF761058706C1717E28FBC9C337CF39D4EE4FFAA529501CB3188
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):499760
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.056862695710082
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:HXv781Hpx+GfCdLr/jd9yyeEAHweiPofdyz7qd352SW8CdykAfqO:/76BfC5avfdyvc2SN
                                                                                                                                                                                                                                                                                            MD5:3CE7E73DB6F575A0D382DDAA8E1A3C10
                                                                                                                                                                                                                                                                                            SHA1:031C13652C540CA7F798D141D7C3333FB1C71618
                                                                                                                                                                                                                                                                                            SHA-256:692185C37DB7505250E58CC55D6707FCB099315A7FF319A9CC92FD99C5F0EEA7
                                                                                                                                                                                                                                                                                            SHA-512:5270E772613864BD223F31F89CFA500E56E7863967C58C503F92E193AF8C8CAF934B7755868EC21585A38E8D6D186A2DC5528A805A62A0BFA56B59E6506BFF81
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710192
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.960733432365752
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:bBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUk:bBjk38WuBcAbwoA/BkjSHXP36RMGt
                                                                                                                                                                                                                                                                                            MD5:2A9525F27730CBF9E7145AADE4CDA830
                                                                                                                                                                                                                                                                                            SHA1:A6A99E02599656DE1C7F51B02C84BBA8AAE0346D
                                                                                                                                                                                                                                                                                            SHA-256:29D0073080509DB7F3F20C47980A1347CC4139C5F2E26C9C160AE67CE5EECB6E
                                                                                                                                                                                                                                                                                            SHA-512:DDDEEC7AA9D3F9E6187718564AE1A447FCAB12EC2DCBD26EDD87217B4815C274A6BAF90A027766FCC94815C762ED9BFA8D0DEF6C1B2F84279DED9C66852D381E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):277040
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.190626027944278
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:rSOIleacQlBh2YQMoIBhpq01TLvlj9b6gRZNsRYA:suQlBAMW0BvltxZ6B
                                                                                                                                                                                                                                                                                            MD5:4ECF017FD71CC84A4CBAB7507B8634BE
                                                                                                                                                                                                                                                                                            SHA1:2343F37490F9A11F5F0878A1553F0FAF504FE062
                                                                                                                                                                                                                                                                                            SHA-256:871D9403D045F94FC433907E49B68894764FCAF81E12FBDE2AC7A08642DDA32C
                                                                                                                                                                                                                                                                                            SHA-512:5FCB9BDA9C857BA1AD2EC0B19AD109AC54BAC91B8F8F00968560623C8AFD01FAEE1078F7C76010C7526A37C46EE0DB74A0E0DB151186F8FB220105F7091FA69B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):149552
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.059724018456156
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:o/S+nps5/3oat9QrwQmUgs0giOBDQntBBGBBKBUkBBXBBgBBFBUABU1BB0BBBBgB:o/S+nps5/3f9Qrdd5EtBBGBBKBUkBBXh
                                                                                                                                                                                                                                                                                            MD5:2FF31980FD256EF1B1E143D4699BB727
                                                                                                                                                                                                                                                                                            SHA1:608A21DA2B243E63DAD9E36EE84BC38C921F8E77
                                                                                                                                                                                                                                                                                            SHA-256:F34AD6FB7847A85ADBE1492C783233A8A32BB5E96972FA3738538CE20513F682
                                                                                                                                                                                                                                                                                            SHA-512:2FEF83A7668D190297863592FBBC8E766042067138C3A163771CDCF1FB284BC8162EA6B7B958CB076B6AB654216B855324AE292F78931C47EDC33B52376943AD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):27184
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.334370226233819
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:Bn1VM0JrpNWDcIh6leOiDFIFBYp1+/EpYinAMxCw:BnvXYcIh6yFIFBYpc47Hxn
                                                                                                                                                                                                                                                                                            MD5:A964D6B5F323E343E884A1E4EBBA21A3
                                                                                                                                                                                                                                                                                            SHA1:41FEA32C2FCC56070CF904AB441019F963C83ED5
                                                                                                                                                                                                                                                                                            SHA-256:0214D2C78CC1DBE92853305FA12119BBE09EA06B5EB9C4B4E7AD76B6FAF232ED
                                                                                                                                                                                                                                                                                            SHA-512:3E93C094D3B9D77BAE9C1725B452743FDFA0A20EB07FFC50EA861C501821710A2C29197CF43DCEC1BF089A5BC9B8F2BF57F9FD0EC8D9805D00E32538D03CD46C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):73264
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.955083228632948
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:R784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRX:R7N1r9KGI04CCARLX
                                                                                                                                                                                                                                                                                            MD5:FA432B69828C0F175E44B367AF91ED2D
                                                                                                                                                                                                                                                                                            SHA1:C0E72D5C64E9B560311EBD1EC3A35CED46386C78
                                                                                                                                                                                                                                                                                            SHA-256:6718AFA55EF89805B69360C9E88347A39CC302AB3C16590E78136C20DB025613
                                                                                                                                                                                                                                                                                            SHA-512:E0C54D9126C557C24013486A31D5477EFF2B800ADAE472C3103EE1F1CD527546E6DCEFB19D5DCE602AEE6DA7A0290F413CE2C6C09DF28D4333C4E62510FE2064
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2950671
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998749206513446
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:Zzp6la8mL4UI0EpZQScJrHOmsBGxL16A5S4GmurSNV6lzb8E4Ow3ntOR1:OI8CVpEUBlltLolrWoznw3to
                                                                                                                                                                                                                                                                                            MD5:AB8D85C093D6F0180BF09EC0F466B78B
                                                                                                                                                                                                                                                                                            SHA1:1DAF355D14D45B1E411F96FA394A98A84C09E53E
                                                                                                                                                                                                                                                                                            SHA-256:D1E08C8DBF3BFC34E3FDFC390D2E7F5B871F95376E7DDA93E3DD0051D580DB40
                                                                                                                                                                                                                                                                                            SHA-512:2882292301E1FB85B410570ECE6CF05F3E89968A02450DBA192A1F97282F1C08ED30819E3D36C524FBA3BAEB6A2C22A10A762C8313E8823C07554B4B975CC00E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):29224
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.373827321096345
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:BpWI4FJ1CsZ1pL375SImXkmlkgGIW2W8f8Mn0DpQ8fz0m1NNyb8E9VF6IYijSJI+:vlexZT375i0qvT+b7z1pEpYi606g9U
                                                                                                                                                                                                                                                                                            MD5:7C7EE1A3814D383F682C3FC35779B36A
                                                                                                                                                                                                                                                                                            SHA1:1A1FCA5A7417DA277CB1524B44ECFA58869610F9
                                                                                                                                                                                                                                                                                            SHA-256:7802C8F3F7CBC3AA4F2E0481804149F1C92FFD8BB2AB2437F9E01A7EAFAAFE33
                                                                                                                                                                                                                                                                                            SHA-512:7D50A1BB87B1FA98FBF6D54C1A53CF3C1E682DB334C9AC310442DA6440F084FB9FF32430C7E0C72EBD787905F55810D3C4846CF60A0675C2467D0BF6B53AD719
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2006
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.012466327549389
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:327h+1/gF27RgdSagFsg+w3jdgDSg+CagFPr7:K4Mw9cr7
                                                                                                                                                                                                                                                                                            MD5:DE33D7BC716E96683CCAEC7E3DECC54B
                                                                                                                                                                                                                                                                                            SHA1:6CAC5E2AE17A91F55760F3652DD1D954CFE34848
                                                                                                                                                                                                                                                                                            SHA-256:E9EC2DB29E1A7F44D6FAD976E29627E2EBCC1C9FD1797D56A69106260B70B65D
                                                                                                                                                                                                                                                                                            SHA-512:353BF5BC4E47C7218CD3EECEE83301950FAA7D48644BEA3FE2F47B5AB432D43B466EBCF8E1A1911923EC423D30682A8FA42A3EA878E7D85C8E91EC841543B887
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):201768
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.74845613160659
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:gi5nVoxzGZzezm87EmUQ9XILSWUPH309T1qT2tl/pR3rPd3iqiTjFvd0uhH:nRVICezm8779XI0/YTx/pFLNiqiTjddN
                                                                                                                                                                                                                                                                                            MD5:D0D21E16E57A1A73056EAE228DA1E287
                                                                                                                                                                                                                                                                                            SHA1:AB5A27B1D3D977A7F657D0ACDF047067C625869F
                                                                                                                                                                                                                                                                                            SHA-256:3DB5809F23020F9988D5DB0CF494F014A87B9DC1547CF804AE9D66667505A60C
                                                                                                                                                                                                                                                                                            SHA-512:470BAC3E691525FF6007293BAC32198C0021A1411BA9D069F88F8603189B1617C2265FE6553C1F60EF788E69AFCB8AA790714C59260B7C015A5BE5B149222C48
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1780
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.027025756159462
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3rrL7h+1/gFSagFsg+w327RgdSg+CjdgDt:7r34owoR
                                                                                                                                                                                                                                                                                            MD5:09CDFC3063DEC485A3C48111D5CEE297
                                                                                                                                                                                                                                                                                            SHA1:02CEFEC66B6B2EEE120F97493D438F3B270AB5CA
                                                                                                                                                                                                                                                                                            SHA-256:0ACF70AE533AF7D079F370AB3102B9563CA4C447C5DFC7A20C88AABE04295C01
                                                                                                                                                                                                                                                                                            SHA-512:CA39056F79EFC8CE050FCCE1AAC21B2E7B62E65A0521E3CABF90C58A7249107658C2D208706FEC456CCC74D58DCDC22E23ECBAA43684613D4826505A426E1CB7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <depend
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.418295834054489
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:WhWA:Wp
                                                                                                                                                                                                                                                                                            MD5:9A5E9A329E4E73E0C499371205A810DB
                                                                                                                                                                                                                                                                                            SHA1:5B6D85657D4ACD89867283FBE372E9E85C30686F
                                                                                                                                                                                                                                                                                            SHA-256:D109087C4CA318CAD74B7560C32594D37181885ADBDC9348BA1DD35D47B35B92
                                                                                                                                                                                                                                                                                            SHA-512:02BD5261B9E795ED5A07BADD65A6CF71D18751452FB44BDD424DFCC6C50BA7441E0066B125E731018FD6F1A8A002AC4E6961C7EFF21C36FBDA58C8015A100C43
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:version=30.3
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):102440
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1906245131779745
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:pPAt6+FT+ZGodV5iYbYSWd85e+ZS5sSak42QhLks2OLv476sy:p2bYbYSWd85I5sSakFQhHLv4m
                                                                                                                                                                                                                                                                                            MD5:D33CE12A25C2675057480654E98ACDC5
                                                                                                                                                                                                                                                                                            SHA1:71F6AFF63988BC9FC9E8D08DBD0151F62E6A8647
                                                                                                                                                                                                                                                                                            SHA-256:F188D7C9B9C35462C556CF87A6F0880B5BAF395CE255F57076CF9AC8DC0E1A2A
                                                                                                                                                                                                                                                                                            SHA-512:DBD65A27A33AC5C3507716E89AE40413B4C2AAC3BE7415977E9447FD89FB7164B7DCB6A8B8974434AE04A7A6917DB32810F1E278EEAD2590C327E30B9A125D1A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):95272
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.9964164933276605
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:A4aRSNSrXS5EaKoDMsUVl0HAWMco2bJkjUB76654:A4auS7S5Ea6WMcpuUBL4
                                                                                                                                                                                                                                                                                            MD5:FB232BA20FACFAD72C87477E1B2B3D72
                                                                                                                                                                                                                                                                                            SHA1:1DFB6577FE0E2E2C60D3848AC588E94F7D93EAB5
                                                                                                                                                                                                                                                                                            SHA-256:828092942C6967EBBAA62BB4F0AEDAAA97522888B59D9DDF708CB863B9D2075C
                                                                                                                                                                                                                                                                                            SHA-512:EC546864F910B72A2723B60C3FA580F6CAE753E623EBE90884B70EBF93E8B511028B355E03F3282D8C5FBC82B6E128FD0893046103DECE289BD371730BA31C53
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.656724826773557
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:aXh+/DtY2PLNyby2sE9jBF6IYiYF85S35IVnxGUHFeFlWNZrO:aXh+tY2jNyb8E9VF6IYijSJIVxaFatO
                                                                                                                                                                                                                                                                                            MD5:B1224C51F1E9A789EE35AD5218220D2B
                                                                                                                                                                                                                                                                                            SHA1:78043C5AE8AF03B893A4A7C28AB47566A0764B1E
                                                                                                                                                                                                                                                                                            SHA-256:662723280B3F78040BB1DAA661F41AC4D5C5361827273541B569F0B5D1602125
                                                                                                                                                                                                                                                                                            SHA-512:46735609B77A36745CA0BBB353FA1DFE2294382F7F96562C84CE30751D8340C184E62B1FA0DACB2483F5A62166A691CD1A547D2310F9DAE01C3423BF1267E47D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):75304
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.241390537473756
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:Hu2lKxktXgl4icipJNz671/nVYWREDnAvk2jkbukZmyJsldySMcAn9fG1EcfgrYA:OF+qo7mDEwj4NXLGcfgruFcaD76jZ
                                                                                                                                                                                                                                                                                            MD5:7EB99AA11E05B3EFA0F65A4435FFB315
                                                                                                                                                                                                                                                                                            SHA1:F07773C71BDB5769667B38E531AF58F64445F74B
                                                                                                                                                                                                                                                                                            SHA-256:0AB86983F01493D5B8297A99BAB27CBF097A4FF68384C1A039DC8B1B0C302C17
                                                                                                                                                                                                                                                                                            SHA-512:6E79E621D2893FB51933BEA95376B40CBBDA947B74A2AF7604166C821D6E8CD98BC357DD8DC16E250E7176D0DA7E19AA3D4702D4149E4215F0BF6D38A9CEBDAE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):51752
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.405565171295978
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:ZQMnMYnUFMSptE7C+t2RO3neZN8752vwzE8Kku6ZFMLcyXXEpYi60k:Z9MYn1seLE8JFMLcyXQ76h
                                                                                                                                                                                                                                                                                            MD5:11AA54E91257EA281D455DB6B77811B9
                                                                                                                                                                                                                                                                                            SHA1:13734726D6CB87F3A02E78A2C68FC2A35CAC9B24
                                                                                                                                                                                                                                                                                            SHA-256:63E84943E0173957D2B3869CE2E0134359FB36F5DCCEE1B8A9B1029071039D2D
                                                                                                                                                                                                                                                                                            SHA-512:2539F92E62CD67EAB842E5A982A9611B0828D547D18BE30DD8A69FA7841D629AE9E9589A41A36D472A9E68DC7CA1E063A8CE4A9D526B5266B7BB1BB5FFC4FA3C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):145448
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.203592588382526
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:zRdbKQx0YYK8gwbUEA5xZs0vVV2yzlhXhYThkyFqhtuElLVwkVJe5K+Q7P6IlIhO:t9XeDmzV2yzlhKLFU1lLVp1+2flYFnQb
                                                                                                                                                                                                                                                                                            MD5:C0DF597621C8B37AF65BB61DE0C42AFF
                                                                                                                                                                                                                                                                                            SHA1:7676065361D8822586F8A2E06C5D6BDDD23A3EEC
                                                                                                                                                                                                                                                                                            SHA-256:F616623B4CC8999F0DCADC73F98BCC4289EC90CDFA0749EACB3FE2F0401AB474
                                                                                                                                                                                                                                                                                            SHA-512:4F43937B440B23145F0A87295AECF7160118D71BCD1A0D2650FC025C7A630F5AEA773A28593F77C67A8C2C55FDA7299BA3F0C09BDAA4532FDAE9FF88C673B393
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):96296
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6334365923289385
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:92kKfq2RQuKDMOoytxL2L4zP+YuqL2zL7SAaDx4lbOw6OhkW76fJrk:OQmyxL2L4D+YZL2X7SAaqywjhkWerk
                                                                                                                                                                                                                                                                                            MD5:372842434C221E20896C8F46EDACA92C
                                                                                                                                                                                                                                                                                            SHA1:F58A0757262F84933744252A0B4FC1D38F15DB77
                                                                                                                                                                                                                                                                                            SHA-256:FA88BB99081003615E0BED4FA5AA167333DBE0B05A1A63B51FAA5DA7BFBE5663
                                                                                                                                                                                                                                                                                            SHA-512:A1A9A8B073F0323ED64D21A894BB93CC86157F3B8B576D1496854D26AC05334FA124E094F60E632C0F49B117B7DF0124AD2C5329A2E34F94D0A34333D0DB242A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):386600
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.135937789568278
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:9sETsbZnV4Nsaw8MkaybNq0qJh1rDHq4so8maLvdGCBg/8Q/ZmvEyJ:9sbZnMfwWFKFrrWa8BvEyJ
                                                                                                                                                                                                                                                                                            MD5:32C2B12FDB90808935E6EAEBC0C5FD78
                                                                                                                                                                                                                                                                                            SHA1:A18B77B7BCC1D041407D7156601F3B5348656B02
                                                                                                                                                                                                                                                                                            SHA-256:35A59D6F04E98951767DE04524EB64B7CA726E205991CD0931527F455BF0F3F8
                                                                                                                                                                                                                                                                                            SHA-512:CEE29FA1F7F976A4DECAAB7C30FC4951D540A30DD2EB4515605BB62CF0ACE9E8712CF9FAAA4DFBF7B6B60EEE5A9A2C5CF1A46785322D15CA2BC8F528225C8004
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.83810396352101
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:7N9VWhX3WseNyb8E9VF6IYijSJIVxF5WGJ:RGZmEpYi60h
                                                                                                                                                                                                                                                                                            MD5:E88A7FE06B461A6EA66D56E239910CC3
                                                                                                                                                                                                                                                                                            SHA1:7CE72B25B887DDAD309ED0C7EE2A504AD1913B9A
                                                                                                                                                                                                                                                                                            SHA-256:625D7259448DF2BAF8844310FB95415F00B8BAA4F8300CE2C43F90CA9AD523A8
                                                                                                                                                                                                                                                                                            SHA-512:BA607172615D676E9786C4E3E92316BFACFE2589D29F4AE95B1F2FD967663812520A40ABABAF7ACC844E4D01190B084460BC5BF82B9EF183DE3684CC433FA90F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):331816
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1686260686243735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:VBhhiUWKJzPZNRntAXIjxs2f5Jg53XWlvidurmdIq8KmefViYkJTVBXi3VaKtNTn:VDMUWITZznu85k8Wdn8KmCjIFi3Vvb
                                                                                                                                                                                                                                                                                            MD5:84688C58A26961FB5CC64B9C07245201
                                                                                                                                                                                                                                                                                            SHA1:B823A565015EA4D6056FB776C2878DCFBD45F65C
                                                                                                                                                                                                                                                                                            SHA-256:2AFA0F82215A9821746C680EC3CF8358244EA71689A3074EC8BB1BEF7D39DD67
                                                                                                                                                                                                                                                                                            SHA-512:162AD6C55E9F3E7E7962885FE0AFD292C73DB9469354760BA0E949B9D8BA5E6657ADB7768D0432CDED9128D82293B3D1B8A933908D09FC07E95C7A6BAFE94ADC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):883752
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.071445078992113
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:E1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQS:E1n1p9LdRN39aQZUqD
                                                                                                                                                                                                                                                                                            MD5:B65642D5C268E5335B6D5BFFF0690DB0
                                                                                                                                                                                                                                                                                            SHA1:A58882087ED8377F88F9BAA6E448E64D214BD048
                                                                                                                                                                                                                                                                                            SHA-256:7A202887AC81D4C379102C5E66EC02AE6C58DEBDE9AB99D72B50263F83862B7B
                                                                                                                                                                                                                                                                                            SHA-512:8E7DA62E9D0E288DC9EFC9559A2640A0C05435D6A25F8023857256A4B4C9AED55593220A930ACB6D171E01D968F1B2CD9748191DE7E242707E1704D140980B03
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710184
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.960272795417215
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:IBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUc:IBA/ZTvQD0XY0AJBSjRlXP36RMGB
                                                                                                                                                                                                                                                                                            MD5:154279B228E454EF4F2C00E6641C4156
                                                                                                                                                                                                                                                                                            SHA1:7ADC7DA40FAF7F84E5F7EFC1CEA2B1A782B6444F
                                                                                                                                                                                                                                                                                            SHA-256:24FA79B003DC41A0C8BB5B093C84767747BF92679559B329A5F97CB1BFB7E9ED
                                                                                                                                                                                                                                                                                            SHA-512:9D521972D56F47824D35E47BEB3A1AF8961CFD55E1C4CE07053BAC373CF80A980C5415D0E5CEAEBF71EBBBC087D76E633286094516CDD4B2F987CEAE00DB37D2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):285736
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.184607903346133
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:vZAWDkTmokB1QI3A5XeedC1OcQykFlE1WhOMiSdNrgClZ73HpsP+zvz:vZU0BJwuOcrl1w7HX3HW2
                                                                                                                                                                                                                                                                                            MD5:57A1AEE6DE2FA4131930B08624B644D8
                                                                                                                                                                                                                                                                                            SHA1:8823A7D95F04C5E09F00858EEC8E79FBDF19FFD8
                                                                                                                                                                                                                                                                                            SHA-256:C4146ACBDFAF502E9D48817D75C3E55C34DD2FD809B1256C25E151F431D09650
                                                                                                                                                                                                                                                                                            SHA-512:476E308A37B7EE55380B5C70A1CF5E4F9269E5D29C2987CE2B67060069D256E2797DB21185F1A1688284EF455764278E9C27CB11CDBB9A6AAB4A81822EDA05C9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25640
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.561297207852954
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:yAQk7qYbA6fXDpLk5LHAxOEaGxBtNXNyb8E9VF6IYijSJIVxsfJH:R1LOg3BtNbEpYi602H
                                                                                                                                                                                                                                                                                            MD5:972828A8463F21F9D3C52893BEA77D25
                                                                                                                                                                                                                                                                                            SHA1:135C36153186F2BE11B7EE4F7122310000B3EB71
                                                                                                                                                                                                                                                                                            SHA-256:7D39C2DA637722ECB4D54846B0378D7BCFF82378A5C3FE1C699977AF7F8E368D
                                                                                                                                                                                                                                                                                            SHA-512:B99D577447B031F45BD876B1A26E4B72503359EC743FE4A9A28CF2014E24D3AFE542F7FA961D22B184E5758AFE66A17A7ED1FF738FB8F24A4283DA5C2C2F72D1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2029
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.997010915207503
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3Aruz7h+1/gF27RgdSagFsg+w3jdgDSg+CagFt:wruv4Mw9y
                                                                                                                                                                                                                                                                                            MD5:A1DB8C019769BA7256F40E580304C782
                                                                                                                                                                                                                                                                                            SHA1:6C0D70EE9CEBFC288A88B100F59D5554F8C42A35
                                                                                                                                                                                                                                                                                            SHA-256:FC68DEF71CD783C53B3D106317F879E544E3443A55AF195BDD6C663F8051A96F
                                                                                                                                                                                                                                                                                            SHA-512:795C141D06E70CD0D91ACFFE74F519EDB78382588B10927D456D20AA70D10BADCF02A626B8B666B00B21CAFCD555F03029D16EFAABCF1D762D58AA8095B6527D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependent
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):210984
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.348173320507078
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:rsMNkrE4AOS3ncIzkq2ijc3Y28MNwH5Z54a7v:wMNkrE4AOqcIzQijLt
                                                                                                                                                                                                                                                                                            MD5:9098FDEBF06AD4F86DBC6567B8F0E889
                                                                                                                                                                                                                                                                                            SHA1:6B38B07BDB90F452591D4679BFE5CC436E048E48
                                                                                                                                                                                                                                                                                            SHA-256:D85301799C1080DD41E88CB37FC4D27465E2AD888ED527EB28BB2A2A2EB8E03D
                                                                                                                                                                                                                                                                                            SHA-512:E7F54A26E75FF693C2484B78571BFB95F95E6802BB37E4AAB622C4CA095C247A9A729AB025784078C29ECA58C23FDD01D9BDF0DA166A096B11D0E6CD7DB4CC7C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):19433
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.9963400212242055
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:hrg4CdkumUwfGReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSJeZY:hrPOPUDCTHffIz
                                                                                                                                                                                                                                                                                            MD5:78AE9CC6C7B11BAC2B18E82FC7623CDB
                                                                                                                                                                                                                                                                                            SHA1:8314E6F35448B820C7C703FC3E4DE598D2A51AEC
                                                                                                                                                                                                                                                                                            SHA-256:D3841AA3440CDA26776DDE128157294E69A70B21344D5877D640C457353C2DCB
                                                                                                                                                                                                                                                                                            SHA-512:CE6A750E75090487C47095B80D47F5AD0C3D3DE4D6EC58A01E14CC694600FEF951AE371DD2A1B82C756ADD66825611B13240DDD3AAE6339ED85DBD3392DED7E5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Numerics.Vectors" pub
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):284200
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.116902682924283
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:3ZgOtIGgeCEwNN4uaNZLVJ8ViVvW18KHxmeWntxX4xH+:pgo0WPVTXge
                                                                                                                                                                                                                                                                                            MD5:988C9D7CB794FB98A0F00B1CAC123D30
                                                                                                                                                                                                                                                                                            SHA1:731A6D91362D0B4245FDD328B17E6F505E48EF80
                                                                                                                                                                                                                                                                                            SHA-256:1F3ED7348B7C41CFFDB9A062C9B654931ED590C77EB4836BCD77A7C64B0AC39E
                                                                                                                                                                                                                                                                                            SHA-512:AF6DE7DC4C78C8C2055BDC99FE9C650E5C44470F0913C3B8D495B7846F63BAD0328918E73C04A542DE4E67C800FCD83925F11C3D174C8C8E1F07D27497AA95E3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8059658320981615
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:WDNxWQFWsoNyb8E9VF6IYijSJIVx5+ssR:WDNVLAEpYi602R
                                                                                                                                                                                                                                                                                            MD5:C2064A5B14C1F424718709B04DAF0FB0
                                                                                                                                                                                                                                                                                            SHA1:326FD58B738A32D9DCA68012F5A6DC1750239365
                                                                                                                                                                                                                                                                                            SHA-256:A14785B5EB132463A789C8F8BAFC61743A8E7455EDCFC2D4575DA21E418D60E4
                                                                                                                                                                                                                                                                                            SHA-512:4BD4E5C38F542AE41E4FE2A0FAEA69D8B37096BC523911D2263BE861CBE4A64B9EDE87DD8B3D17DD6B25A57A05038C241171784DD63EF4EA1495B1FBF17B3ECE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):22056
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.6706281590582215
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:vrMdp9yXOfPfAxR5zwWvYW8aznNyb8E9VF6IYijSJIVxAyiI:vrMcXP64LEpYi608I
                                                                                                                                                                                                                                                                                            MD5:9FC668EE53969623508CCF6611FD57F4
                                                                                                                                                                                                                                                                                            SHA1:81F19A067020D8B9CC0F9FEBCBC50D94B9630C88
                                                                                                                                                                                                                                                                                            SHA-256:E9880A6D15335C034660442B04F89ED53E1BCF0188B059DEC110A4152F4EF413
                                                                                                                                                                                                                                                                                            SHA-512:41E3C071BED8B32444EE2D55513E91839A6076E2CFE534033290DFBD4E0442CBD985EEB7B15ED4400DA4686514EF45C2B8FC39E690DD3B79D44F1BED24B0AD2A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.907673358776868
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:vm2igOWnW8rW/tNyb8E9VF6IYijSJIVxPT89xNgl:XtaJEpYi60w9I
                                                                                                                                                                                                                                                                                            MD5:B1530AF38169AB17993803DCBBC97C15
                                                                                                                                                                                                                                                                                            SHA1:0C4D4B813EB48CAF441C0987583D8E2B4A8E6FC2
                                                                                                                                                                                                                                                                                            SHA-256:79F518D394DCB75B424F364C2DBCB7E114B51DA4C0DE8BAA6CC5559FF781A152
                                                                                                                                                                                                                                                                                            SHA-512:F8A9E3C2BC50CABA0E7BFB2AC747D8DBBAB7A82E361C85212148048E5FD66C4107323943E753090BFDDF7267A7B53390DD61FF954868CA664EB6933F5D7B41E7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8985842585077926
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:nnapn1iwwPWcGWT5JNyb8E9VF6IYijSJIVxagmKEFYm:aDur5NEpYi600T3
                                                                                                                                                                                                                                                                                            MD5:0763A802D1B4B276635E612F35E23FE8
                                                                                                                                                                                                                                                                                            SHA1:3C256531D21E35595E3699DBFFD9C9C50CC9098A
                                                                                                                                                                                                                                                                                            SHA-256:C17C283DE1A8ED8FA5438DCB8126EB91511E2C49D0706DA50813E23466679DF8
                                                                                                                                                                                                                                                                                            SHA-512:87666AE8FDC33F07C696B0C0057347376E5EC47AEE0F7FC5EC0070F5846194E9BCC1BF624872C11C4ECFC9F2F7A10E5CD3EFC9591948D5DC41CA43AC5DAFEB16
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.905536792862369
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:qHLaEav5aaUa6arWVLWrMNyb8E9VF6IYijSJIVxg3gDHvA:bPv5t/NOOMEpYi608cPA
                                                                                                                                                                                                                                                                                            MD5:847AC54FBB84C86BB024795BAE96C693
                                                                                                                                                                                                                                                                                            SHA1:D2124E516D2D01B3B840800A15B2B6E2F2DA972B
                                                                                                                                                                                                                                                                                            SHA-256:4B45720B96ECCD3B3F812ED05E4835A5EAFC3FBFD6505D0E7098864F8B4E44BB
                                                                                                                                                                                                                                                                                            SHA-512:A22494D45CABBC91C732D35EA3CFCAB7207AA62F2FDD872E5BEF252F0CE67E1D9524747E420BB09A10262607F305C734F89D7806839D99D1048367323C54F715
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.75992303278916
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:06iIJq56dOuWSKeWukNyb8E9VF6IYijSJIVxHDRxQxd:GiAuEEpYi609mH
                                                                                                                                                                                                                                                                                            MD5:435008FCDC6949D74403F8937A9DDED0
                                                                                                                                                                                                                                                                                            SHA1:4E9C38420DB7C87C58AEC9271E8A0A968F47AA96
                                                                                                                                                                                                                                                                                            SHA-256:A4A1EA474185E9D56EFCAB64E6A34FFD563CC028A91BB1FE85BFD97773F1FC92
                                                                                                                                                                                                                                                                                            SHA-512:81A7D83D7484BB1B38F9B2164AD42D0D31346626653F9503977942C43F49C7F43227718B50A552AB8D26FA410D08EC8E034B4F71466916B51BC14F1743B38379
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8111682906136926
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:onzz+MpSaLWW0+WCANyb8E9VF6IYijSJIVx1JHtZ:mpui4EpYi607NZ
                                                                                                                                                                                                                                                                                            MD5:A380572A319B32A3B1D2D2D2C198E86F
                                                                                                                                                                                                                                                                                            SHA1:978096C136F070F4D628E7969BF03110275C3E34
                                                                                                                                                                                                                                                                                            SHA-256:2B8D11EC79CA4F85DB4AB9FDD54B13764006051CF6D212B726F15C798A723F9F
                                                                                                                                                                                                                                                                                            SHA-512:34B10A058B1EF692134C37EBE9337F5A1730B70C3153345CB9F9DB5E89F76FEE2FD8C3C129106A8730436C391ABA2D8B4C9F4AEB2B01F64DF2C540A0E0D69346
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.859379458293653
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:gGhr+YUfyHxsW/HW5zNyb8E9VF6IYijSJIVxVUlNb8:XkmcvEpYi60yb8
                                                                                                                                                                                                                                                                                            MD5:4D36FD75A70633F10124CCF793AE139C
                                                                                                                                                                                                                                                                                            SHA1:DDBBEDCA52929A9DCFCAB83D39897B092F8BBCE4
                                                                                                                                                                                                                                                                                            SHA-256:652F384CDBE805992817D54B5FA1B2C680367E0D8C49AEE3C72024C9803ADD66
                                                                                                                                                                                                                                                                                            SHA-512:32905A1EF9AE27309932673DC0BEEC9A93EBA9DD202A8187C1614EE1AEB8B4F93133985F52D60801189130684D49C507455C7AB59DA2FEC31B4177EFD619DA80
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16936
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.785283839401024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:GRE+ruiA5vzWeNWdSNyb8E9VF6IYijSJIVx4XyHyT:GS9b2yEpYi60YMyT
                                                                                                                                                                                                                                                                                            MD5:6328ADD138DF8C29E75BC14F5D2120CF
                                                                                                                                                                                                                                                                                            SHA1:9E1E01B0FB0EA37CE687EF3E1A4FC267F303DBC3
                                                                                                                                                                                                                                                                                            SHA-256:2635E454447F993496F17722DF0133AAE4BD957F8D15AD759256D55C45B2D9FB
                                                                                                                                                                                                                                                                                            SHA-512:7A69AED46E057318D88CDCDD457C0DAD8EEE58013B44A5C5CA1BACB78CB7AE3DE753D3901C1386476D3C01D4E5965822BC24415BAA6FA5E08D2B2C403964528E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.849856881849517
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:pT+6ywnVvW0LW5SNyb8E9VF6IYijSJIVxcWfnt:p998yEpYi60Jnt
                                                                                                                                                                                                                                                                                            MD5:A4A7F63BFEF46103347EFA5C1F23A84F
                                                                                                                                                                                                                                                                                            SHA1:8947AF46ACFE76152410E3086D7595DC84C1EDDD
                                                                                                                                                                                                                                                                                            SHA-256:3B1E09BB2A59E8EC4251973E8A58DDB993EDAAB976914F9FB09DC32D77B4F9BF
                                                                                                                                                                                                                                                                                            SHA-512:BB71DDE1B6C464828B7FF6095B7F0FCCECF15AC04249DA43C1C57155E1800BCAFADA758E1097D45CB2DE3E5BA82F6F59B74D0C0AFA683935CA37D4B638DD115D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.848390763178357
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:XRbzriaXT+WlEWe5Nyb8E9VF6IYijSJIVxri+t1sD:B7icodEpYi60u8y
                                                                                                                                                                                                                                                                                            MD5:A0700CED3A42A611A476CF0289F86986
                                                                                                                                                                                                                                                                                            SHA1:D4352EBDBDDDA7BD594AA61E5EDE7DA19311C6A9
                                                                                                                                                                                                                                                                                            SHA-256:662D9B458771B5948EB4D1BB1C382B9D9D442877261A26EA83F43FAFBDCA72FE
                                                                                                                                                                                                                                                                                            SHA-512:928AB8830ABB0A389F6863125FEFBE418001A27DA25F277EEDAC99218201DEB659E8B8D82761B5418947E847E6D446288EDA6B09CD51FC41C8C16355149F0DA5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):148520
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.418180901091705
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:1dYO+3m9R6e1x03BZ6bDSzZ8B0uAP+CSE:j+2jv1x0ebezWiu8
                                                                                                                                                                                                                                                                                            MD5:F204707F338F6C7819482922C0958D10
                                                                                                                                                                                                                                                                                            SHA1:4EC0D04FD7E2B8834A6AE96A2380F97965562E1A
                                                                                                                                                                                                                                                                                            SHA-256:1379BE52E32EAD9795E1F3270B91A29119B59BC7DF16F3B9BD1A0E00954FC10D
                                                                                                                                                                                                                                                                                            SHA-512:68888BA7746EAAAEC6C0AD64B5A8B0EC27547E0A40B98A34109ABA051BEE07082C5359D9E22078E4D0D01B7F09C1075A0F21CC749A465EACC58BD90338FD5297
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.810928431259459
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:XRtRWjYWw9Nyb8E9VF6IYijSJIVxIRMki:nie5EpYi60z
                                                                                                                                                                                                                                                                                            MD5:3C52E43E526A4DDEA7E21D3F6CB0934C
                                                                                                                                                                                                                                                                                            SHA1:48B0A29FC2CBB6E66414D44FE0D36E02A61B501B
                                                                                                                                                                                                                                                                                            SHA-256:12545A778E40FAC4A5842D56E9C5571B7BA370B2A04883A82C1C86C3979F78C3
                                                                                                                                                                                                                                                                                            SHA-512:7F0EBD61CE00268436845C4C513BE19E7311CFDDA5AD90CB6AF6F4274D865649C437240961415DADEB0178E5A26DB2F8B7F8943BAB5ABEDE833F3DCD86E166D6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.890844337955829
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:nFxrIFWnoW5BPrNyby2sE9jBF6IYiYF85S35IVnxGUHFK1+Jm5RmP:veWnoW7zNyb8E9VF6IYijSJIVxG1+MbU
                                                                                                                                                                                                                                                                                            MD5:039CC956B7A5891ECC3799D805EBF444
                                                                                                                                                                                                                                                                                            SHA1:6F13A284F49B152F14ED6C23E41A4550CCEBD841
                                                                                                                                                                                                                                                                                            SHA-256:E679990416DF09D59345F070E659D13D3F8424FD04642D993989511BB188F7FB
                                                                                                                                                                                                                                                                                            SHA-512:2B23E0B70F345BE16D828537BCE22113DF136DA76F23B1227D11AEE653D5D73FB5CB87FACE86CB378F1C9CCAD564F1BF351C522F719716B02772389073CB64F4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):99368
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.23639961491798
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:qnDoXrtUaK/XIg+rZAXj8s9HaWt9LuOw9VHHV55aTwWbaD763fJ:CitRK/XIgIZAXjD96WfLtGdM5baDC
                                                                                                                                                                                                                                                                                            MD5:4CBAE74F248C3612DED81C2750580F91
                                                                                                                                                                                                                                                                                            SHA1:6C0BE7421FDDEF471857829BEDB1E784C0876C95
                                                                                                                                                                                                                                                                                            SHA-256:090AE8D4CA0932EFDBA54F21062FEFF98AE780C849F28512EE70007521550EA6
                                                                                                                                                                                                                                                                                            SHA-512:ECA366B2A8C7918F4E165B21294929A5F4DC3A87593E43C6826C932F74DCCC4BF26BAE728CBCCAF3973E0ED47BC56A67DF8FF96D8EFE476830F4D73F7DF7D4F9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.852040403345325
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CxGxIZWJjW5bPfNyby2sE9jBF6IYiYF85S35IVnxGUHFykNoc0xPex:C6oWJjWN3Nyb8E9VF6IYijSJIVxukycJ
                                                                                                                                                                                                                                                                                            MD5:D917DEA96F5B910E68D1F79E37B2DD91
                                                                                                                                                                                                                                                                                            SHA1:24F89EED7B3DE4C5E5544F00C738DE7A1EDD9805
                                                                                                                                                                                                                                                                                            SHA-256:2FC20781034A391AC60F35C94B3DB22383B7BFD17430BECF43460321566B0500
                                                                                                                                                                                                                                                                                            SHA-512:BD575B68678242BFC301D77807507180477572F8A23BA6341E60B12322FB85776540939D156CBBEE0377F2108FACE44AFF45F74D51F97D78FB7B941B0DDC1A23
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.771448960937668
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Cqk53/hW3fZ+zWqyNyb8E9VF6IYijSJIVxjpbu:Cqk53MmSEpYi60pu
                                                                                                                                                                                                                                                                                            MD5:7D50A7135BBAA5223A1F9295D134B3F5
                                                                                                                                                                                                                                                                                            SHA1:64EA8C06AC68779CE21B1E45ABAF0155FBCAFF74
                                                                                                                                                                                                                                                                                            SHA-256:14BB9215B0C82D2EABA0A76CC11B0E81D45426F43CE201F064137A182F174B68
                                                                                                                                                                                                                                                                                            SHA-512:DC2AC7152A217D438FE03749DFF22005E671ED633462CFD16D2EC2643FB4CD91D2C0890EAEA5954D704792BE227BFC072CCD0073FA147585EDC6BE21B4686FCD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17960
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.658255217483959
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:KFCc4Y4OJWfOWqWWOW7yNyb8E9VF6IYijSJIVxwOeQghm:6CcyCrSEpYi60Jj
                                                                                                                                                                                                                                                                                            MD5:541DD5FFC4E27C42B4510B20C7795763
                                                                                                                                                                                                                                                                                            SHA1:7A964AE8F8436D7D1B37774DE2CA0540B7785CB2
                                                                                                                                                                                                                                                                                            SHA-256:464341BE8209BE8A36F6FC5A1943408C3216F66D84D4410ED94689EFB1848920
                                                                                                                                                                                                                                                                                            SHA-512:F9690EB8C675829E194A0E8A4324843B683C28B4B3DE722C9099596202843161C98A013FE747A582C4EA47D72A5FB91DF7AC4548A393088B6F403A6B5338D6BF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8738938766861075
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:dAWxMWxiNyb8E9VF6IYijSJIVxMPtrWU/w4:dvjiEpYi604rRY4
                                                                                                                                                                                                                                                                                            MD5:5C01326F7B286C2DBBECB385A53395EE
                                                                                                                                                                                                                                                                                            SHA1:DFEFC096F4DE4FAE01B4B7B19CC05AEF2283A59E
                                                                                                                                                                                                                                                                                            SHA-256:29A698BEEBD5BA52CC04FE7B7A22928E90E006A7885A1F10EB2E1A6665511F54
                                                                                                                                                                                                                                                                                            SHA-512:EAC153B33457347BA56CD53ECB11CEE297C503D792A6BC3DA8AF5BF8E2E4AE3D4356C460CD68F345E7EA673F37ACD847E8B623D03E416F80794C0BEED1FA066B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.856217266564335
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:rYqArxbYWHaW5oPINyby2sE9jBF6IYiYF85S35IVnxGUHF2zfxGo6Dah:jAlcWHaWOQNyb8E9VF6IYijSJIVxyoLS
                                                                                                                                                                                                                                                                                            MD5:8EAF10A4BE6CF9FCFB560BE7BF63FBEB
                                                                                                                                                                                                                                                                                            SHA1:F20ABB136959EF3F40B82E712587983C13C8CF22
                                                                                                                                                                                                                                                                                            SHA-256:66A83605AF8E8462FAC61948656D7300C9EAD82CA230B0D45FA7AC81B2DE9124
                                                                                                                                                                                                                                                                                            SHA-512:588293D6043892C0DC1A46214BC4398E8C2513CB2C46B91CE9C996815083BFA25D9246089676F3ABA00F951B8A2937C1CBE83D808A72C49CB2B1FA71130CEEA7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7775085279315626
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:1eIZnWlNWTaNyb8E9VF6IYijSJIVxpcstKT:kUyo6EpYi60Po
                                                                                                                                                                                                                                                                                            MD5:20430B56AF201F3DF8DC7ADD77C700DF
                                                                                                                                                                                                                                                                                            SHA1:B4D021243BEEE7CD50AB7885ABBF15F0BF530578
                                                                                                                                                                                                                                                                                            SHA-256:EB04AC7564191B2CBFE425BF0E1C5AFAFDD56E95EF43410B46849B859C607FCB
                                                                                                                                                                                                                                                                                            SHA-512:CEA66D7B73E25725696D5B46E1BB3D26280B15A7DB665AF6FAD75685D41D6A759291732559D7D95E9F99140AAC29C94F0393FD9A22084C6C20C347E55DBA560B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25640
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.492795908704385
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:7lQnCMi33333333kj8xe+5PTYM3zUy+CezHjzgKj0uRWOdWmWJdWZ+Nyb8E9VF65:JQq33333333kX+TBi8OGEpYi60/k
                                                                                                                                                                                                                                                                                            MD5:BAC4ED28712BC3D20E634372041074CC
                                                                                                                                                                                                                                                                                            SHA1:3035E7EBB1B7D9830FD3711231276506A8B5B59D
                                                                                                                                                                                                                                                                                            SHA-256:DC70596E0963C1256F437BCC4EE6529A7B97119C2484845498B142EB4A18A921
                                                                                                                                                                                                                                                                                            SHA-512:5D6D4F42FD3DE579874DA7B39569B00F3A9DECD12759929DE58AD9D1A436DE787AB0EA5D67FD6C1D6558463E7B47A1222F23F67A3182E1A7E8AA172DCD23A71A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.848738207274033
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:728YFlXulWY/WGONyb8E9VF6IYijSJIVxKD9IPGp:70qX2EpYi60Tm
                                                                                                                                                                                                                                                                                            MD5:C1B2DE83AEF8C5E20E17941C4999C314
                                                                                                                                                                                                                                                                                            SHA1:20F7DCF53F0B030E70C84DF4E4277C93DFF6B6AA
                                                                                                                                                                                                                                                                                            SHA-256:7060B1D86EF099D021D16A649DE7137D8517C5E554E1F44B41173CA8B9994D73
                                                                                                                                                                                                                                                                                            SHA-512:3610FB8097A6A29529DD5E21D2BC8E7A3CBB18D2BE071FBE198308B3242D5EA6429BDAD47363D5BAE862F5FF837D0E2DAFB779CB9002E08D55D0E45A0FD13BAE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.72671079918751
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:duMLcdQ5MW9MWYONyb8E9VF6IYijSJIVx3EDQL:8OcSpS2EpYi60K+
                                                                                                                                                                                                                                                                                            MD5:A0D4D09BE1D6009408C6EB7E93768012
                                                                                                                                                                                                                                                                                            SHA1:4C1BDC43B169CDB2869C1C98DFE9A91EB15633D9
                                                                                                                                                                                                                                                                                            SHA-256:4B9138560B475B50BCBFCBD348A82CBF258E9886682CC05EA33BE2CBF0A03F48
                                                                                                                                                                                                                                                                                            SHA-512:7CEABCF983852EC62CFAE6C739092E09EC44FE7AB3904E248AA9DBA83F7BBD61E1DBF817BF92B4D59E3EA638A7271E5F3F63E614E93FCA123F21AAC25220AA37
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.817024517717208
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:sZ7RqXWDRqlRqj0RqFWqENyb8E9VF6IYijSJIVxVaJrCC:Q9qKqjqjuq5kEpYi60KCC
                                                                                                                                                                                                                                                                                            MD5:37F1EF0A6AA2466C2F554504C53C2D10
                                                                                                                                                                                                                                                                                            SHA1:31DD8D50CBE9C4595A7CC7D7815BA428227E9892
                                                                                                                                                                                                                                                                                            SHA-256:F79DC628564995DEEE92F105511FD82E8B3CA3929B6D67529730833DAE6C4E9F
                                                                                                                                                                                                                                                                                            SHA-512:0022E149D9CE976D56687781461E604759E0BC36E46E4D6A9B003F8F22ABB76B11B1CDD4E06A2718B1247C7BBA4AF15A94AC91F6FA43A9AAFA396FE993BF6301
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20008
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.628825890980245
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:YNBMbljRC+lgfS1RPWYR1Rw0R9WYRPWYRDRj0R9W7eNyb8E9VF6IYijSJIVx3dU2:YvMhF2SzNzwu/NljuQmEpYi6022
                                                                                                                                                                                                                                                                                            MD5:0F8AD89B93E9F4127DCB11B4F391AD46
                                                                                                                                                                                                                                                                                            SHA1:CD0374B06A4C3962F4E3FE177907059FE7EDC2C9
                                                                                                                                                                                                                                                                                            SHA-256:BC753E8BC6A07731B5BF2D5663150CD4691B322A04D82CC53A3E64FCA8D55FDF
                                                                                                                                                                                                                                                                                            SHA-512:6ED91FC9F2CCF9369BB6BC952035012AA5D5C5BA93A61CF98306E9E9DF843EAF8CCF0A6115C172D0A56B50BC2B5DCDBA5ED8A57CAD7D26C6E653C46976FFBCCE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.898261756295843
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:1Z4RLWdRfRJ0RZWDeNyb8E9VF6IYijSJIVxlydN:1ZK0pJuImEpYi60oP
                                                                                                                                                                                                                                                                                            MD5:292641CBE4EFE988E1D56A5245503090
                                                                                                                                                                                                                                                                                            SHA1:CDCC2464376F76994BABD97BF2A17A7D302E0153
                                                                                                                                                                                                                                                                                            SHA-256:DB686D7BCAAB90B5117C320CD799B9725773A764CBA52A78797ED3CBAE22BA54
                                                                                                                                                                                                                                                                                            SHA-512:821DCF439AC3C0C4A1DDABE1CF40B0FA0E6660940F7F9B585F23E21A4B5D2BFB809A38F1549397250A4733BC0E1FD42B12FC74A5D66BEE3942F2E7C23A07F7F6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.796379783430149
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:NYWsmWIyNyb8E9VF6IYijSJIVx39mFdcmx:N2wSEpYi60Qwmx
                                                                                                                                                                                                                                                                                            MD5:144114AEF753E8A677B4B2B8C4CC5BA4
                                                                                                                                                                                                                                                                                            SHA1:827364BEC24CFBD5FF52B1A0797BA3981E520FFB
                                                                                                                                                                                                                                                                                            SHA-256:07F2FD794258FAADAE4BBAE88B5C4C5A840F108087DEF92C970233D3D8AE8858
                                                                                                                                                                                                                                                                                            SHA-512:D3D7D4CF244B64787244C0547F4810C64B5B1A5FD7017FF215A68561C30DD609ED70B2BC81844996FD16D4064D88EF175CDFA63489622B4D72358B88D42E2A27
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):105000
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.3817920096587635
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:qvc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXBA760:mgk1tiLMYiDFvxqrWDWNoJXBAv
                                                                                                                                                                                                                                                                                            MD5:8DDFC9B1361578BDD5612ACC51313DA6
                                                                                                                                                                                                                                                                                            SHA1:630346D2670DE69362A3267DAE11EA6726003559
                                                                                                                                                                                                                                                                                            SHA-256:647D5BFA5108E79A1E1738C34C321088E7B8F30366881D94695DF52E547FADC9
                                                                                                                                                                                                                                                                                            SHA-512:F4B3AD4BD7C049C0F5D4408BB4834936E3EB5ECEE139F426F32704D40201EA75BCADF6B6EB32FE79B9F8AD1D609D739D2638E45693D5A8A55CFD933173A1FA7B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.855234936441404
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:dKcuz1W1cWliNyb8E9VF6IYijSJIVxLnKXE:Xu8niEpYi60b/
                                                                                                                                                                                                                                                                                            MD5:054FDA357AAC158ABB7DCB603E618468
                                                                                                                                                                                                                                                                                            SHA1:30D78707EB7ED4B135A3DCC0D2789EF34EE5008B
                                                                                                                                                                                                                                                                                            SHA-256:D690AFCD79AB3F1E8FE0F87922A694F1207F23E7AF74B9D507CB0719B71E6162
                                                                                                                                                                                                                                                                                            SHA-512:91C419A37778A608310C1FFA4459942A2E64B8FEE8B03192D0AB78D879F52525CF37B5E2D31178A4C14FBD8BC58238127D275EF7FBCC18148FD48535E9B5C41B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.859586983074765
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:c+SWikW0uNyb8E9VF6IYijSJIVxAd5iwp:c+eGWEpYi60Cdp
                                                                                                                                                                                                                                                                                            MD5:6A9CCA0177140202310B5E38CA0C8FF4
                                                                                                                                                                                                                                                                                            SHA1:6443604982F8F9A3E1B5D713DB1E52D401CC0F52
                                                                                                                                                                                                                                                                                            SHA-256:F6B1EE80B31CC0383A6C4F7116BB84EBB41CFDD5AACEB43986308A146077F381
                                                                                                                                                                                                                                                                                            SHA-512:D34427448ADCFA0B140BA777FE0EF266AD04843C3848EA8EA238BA457EDFF2C1023E7E891A811433491A60B2834BAE734656D764B0F2FB55C6632517D1200BA9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.907435412972442
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:pDxxhREWzgW5APUNyby2sE9jBF6IYiYF85S35IVnxGUHF76am939Ys:FAWzgWSsNyb8E9VF6IYijSJIVxXm+s
                                                                                                                                                                                                                                                                                            MD5:8A94A3BFDE0A59D784A3408F43D7714E
                                                                                                                                                                                                                                                                                            SHA1:CE74C4C089A298FB2E53DB905E938ED866FD7CCC
                                                                                                                                                                                                                                                                                            SHA-256:266EEB7F43B68684C44E1926593F5F4DEAFD5048BC552835152DC9649E738F9E
                                                                                                                                                                                                                                                                                            SHA-512:4015E73F7C7099BEF4E2961A1AACD1F3AC25C99B54F92632E94DE0B3AB4F19E0144CDC5B06A56029A73C2A6644CDC990D2A11CA2BB5D5F31E92B6E07712CA4F8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.863130152483049
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:6BLRWbYWziZNyb8E9VF6IYijSJIVx7cHr:6B2xi9EpYi60YL
                                                                                                                                                                                                                                                                                            MD5:878FED5CA4CBAA9282B1EB608C2312CC
                                                                                                                                                                                                                                                                                            SHA1:D07131A22C8E51830D64607EA61A71FD0064A78E
                                                                                                                                                                                                                                                                                            SHA-256:91850B2A878630B4F96CF6B5D5695361BDA4D3E57A8589C8FB68CFF75FF3B761
                                                                                                                                                                                                                                                                                            SHA-512:631EC942C1FDF73C016694B345609B9D821A427E79D4190A21A12442C65650E793E74B2247978B23DE97D1109D885AD1C5F7031D18B7502B01E298355828272D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.85257775718915
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:hZxcMRW4/W5TPPNyby2sE9jBF6IYiYF85S35IVnxGUHFyF5yzli:5HW4/W1HNyb8E9VF6IYijSJIVx+qU
                                                                                                                                                                                                                                                                                            MD5:4D61CCEF5CC2784846B379DE467BFCF7
                                                                                                                                                                                                                                                                                            SHA1:0F1A10F294CD97FB5B21CBFABE7D41A060F9DD38
                                                                                                                                                                                                                                                                                            SHA-256:E2E5B92DFA1195E2DD1DBD15D8E4C36365862C33105BCFF7E84CFA72F90CE512
                                                                                                                                                                                                                                                                                            SHA-512:969F11D0DEEE273AD68BC3C9B7224A3E38BA227077B0760332C7D603761A12594DD66338C58A08D798A67F00F91861CE104E792BAAA7D4014CC2304EB177EBFE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.909083241813673
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:/vk7hWmCWKpNyb8E9VF6IYijSJIVxug1fV:/s7/GtEpYi60HV
                                                                                                                                                                                                                                                                                            MD5:99D608EA299DB1E5E927AF7AD6F0D364
                                                                                                                                                                                                                                                                                            SHA1:E2625E44AEC5D3D2C53826E2B31A64AA54DF4C46
                                                                                                                                                                                                                                                                                            SHA-256:9711D1D2173CA18175118B8BBBC656BE11E18702EAC0047F6195889C60032BDF
                                                                                                                                                                                                                                                                                            SHA-512:80B8FC43E2F41649F19DFE954F2DD3FBA6CAFCE72AAAB4F0832017D672BCC93EA6E7187BD23056C256DEFF3150315789140B68336752042E34969ABC4F0EB70F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8725581182244815
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:pUiW2xf+C/WCUW5wP5Nyby2sE9jBF6IYiYF85S35IVnxGUHFLZiDSj+2m:fGMWCUWiBNyb8E9VF6IYijSJIVxR5q2m
                                                                                                                                                                                                                                                                                            MD5:827CC9E1385DEE08EB88BA4F82A8D037
                                                                                                                                                                                                                                                                                            SHA1:1F4FD3E05F15B1CEF11222EF9FB0E7278D7FF0D8
                                                                                                                                                                                                                                                                                            SHA-256:EE7208B11C25F2244F73C4C7FE84634E283CABFA3BF3F8AA8231FEAB8806B32D
                                                                                                                                                                                                                                                                                            SHA-512:D42CA3E72BF359CB8120051414D554A89A8D8E6E8D2463CE3684CFB32977F5437EB5FEDDA5A08080130DD24170BE8CE93F9CE4ACB9307D878B2C2C1CECCB37DD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.852073911727644
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:1BhwI7WSQWEQNyb8E9VF6IYijSJIVxCtgRyl:1DwIBSoEpYi60a
                                                                                                                                                                                                                                                                                            MD5:96CC4DB802A18A19C634362EA07BF0CA
                                                                                                                                                                                                                                                                                            SHA1:5E73A7D50926A20ADF21C5A681CFD88E6782E36A
                                                                                                                                                                                                                                                                                            SHA-256:2C36B9CE0C5B3D2BD1437FA57DFCFE7E8C13BBA014BBAFD6895736A6654704C3
                                                                                                                                                                                                                                                                                            SHA-512:442D514BADBDFD84F67A1B5CC5C653F6EBF49A951657FED8C7BDFBD4D453D82AE9A3E3845BF3BEAA6B4380FA7E45E5531E6594BC3673788199C79FC7119EE884
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.870125259512271
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:FyvPRW4lWvKNyb8E9VF6IYijSJIVxnKq3u:s39oKEpYi60Fu
                                                                                                                                                                                                                                                                                            MD5:E86EF319DCB1A0C3A1C980B8179C28DF
                                                                                                                                                                                                                                                                                            SHA1:B7B384331A1F5A4ED7A1EB64B93A50D3D99543BA
                                                                                                                                                                                                                                                                                            SHA-256:CDF9D59E281EAD07334BAEDF6F929AA27AB968B7121B53EEE2406EADEFE901C3
                                                                                                                                                                                                                                                                                            SHA-512:A76AB5FB097CDCF658F4645AF58F4B9F4CE9B5B14683A7B2463598692D7835D969A0AB7C387CC96D9EEABE095E4223B40FA1EE8BD840F83144AC0B5818BBBF5A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.821263452437729
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:r6RW6eWX8Nyb8E9VF6IYijSJIVxiAcn/A:r67XcEpYi601c/A
                                                                                                                                                                                                                                                                                            MD5:5DE19C03111BAC441546E09C0986FFB8
                                                                                                                                                                                                                                                                                            SHA1:73A84A9DBB2C687D7B98675391F17919BE4A0E2D
                                                                                                                                                                                                                                                                                            SHA-256:E8B6180145EB52C8357A15E71EDC4F4A3CB103E2C9E3CA39DEF0837C25486FF4
                                                                                                                                                                                                                                                                                            SHA-512:8A3B551E5D14A05A4DA4D244FA8BF285C5FBEC7B5D613EC5B8AB73F4EF90D7F6AC4DFBF1AF206D8C4FACFA115AA03531660C8E39535315F3B680F72F7D34DCB9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.853696719137859
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:cSUP9W70WxhNyb8E9VF6IYijSJIVxu17pF:5Ue/lEpYi600FF
                                                                                                                                                                                                                                                                                            MD5:18E7320ADED59C532DD1093BB36A47E3
                                                                                                                                                                                                                                                                                            SHA1:321C5DEEBE109D276BC9BA37FC0427AF1BEAE560
                                                                                                                                                                                                                                                                                            SHA-256:83415D3468C938305AAA415D4CFAB000A256942414F04C461416E2C160BCDB6A
                                                                                                                                                                                                                                                                                            SHA-512:18519422D60ECA9255CDD896010A2698C6055FB19F82E26CE678D08A5A00B2CA86B0438B8EF175825B7B27948A41C28D6157AEBE366341EC13ED6B8569589866
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.847671491882663
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:m8yg07W0/WtTNyb8E9VF6IYijSJIVx/oOGL:mBHEPEpYi60AzL
                                                                                                                                                                                                                                                                                            MD5:4631C3F56A7B9031F7543E6814C16B8D
                                                                                                                                                                                                                                                                                            SHA1:3C5779DB0C60BE02444DD8747DD3B4A2CE37A1E3
                                                                                                                                                                                                                                                                                            SHA-256:D3AA1A71FA76EA5DDB353E1CC5180779DB3226122552CF5A621A2F72142D539D
                                                                                                                                                                                                                                                                                            SHA-512:82B24C7F8E2A876F839C0591E5FCA75472E7EBDDC1B354495C3F7CDFC8757F10C9DA7DE08BECA4A83570665C47281AC7700345EC0FDE03D0B90188BE869FC169
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.817049710176357
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:we1WmRWgFNyb8E9VF6IYijSJIVxakgDjo:wejjBEpYi603l
                                                                                                                                                                                                                                                                                            MD5:2CAF5C21FCBF0230D9483F1FCA73E172
                                                                                                                                                                                                                                                                                            SHA1:F764EFFA55A81B03177BCE950034C683E45E086D
                                                                                                                                                                                                                                                                                            SHA-256:F3B140DFBF9255AC57327672D3EF85DA904B79C50D518EE51306C6A4CCDB7DCB
                                                                                                                                                                                                                                                                                            SHA-512:A09B873E6EBB483DE70D7AEA322B3F9EA6190945FDA674D8BE7CBC33DCF09DE27507F7A336CD346E026C68B61DB37C8C8C5CAA6276B9946936C1F5C6863A7FEE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):142376
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.160416111190502
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):192552
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1145313432038435
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8352214136086555
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.792745535380218
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.832665685039471
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7476634745054485
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8755777127592
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:hJGWe4WTYNyb8E9VF6IYijSJIVx5O3zCp:fmRQEpYi60tp
                                                                                                                                                                                                                                                                                            MD5:671D536227E78B50106A0D293D9EF1AC
                                                                                                                                                                                                                                                                                            SHA1:2B269A49DB0EBC5120EECB135AD96C78DDE1FEF9
                                                                                                                                                                                                                                                                                            SHA-256:6C679EC299B4A95EDB26E8AB547BF78E351FBD75CFFAF40FB3E65F036DBF99B9
                                                                                                                                                                                                                                                                                            SHA-512:5B2B63DB5E757B8ECB742F020DC62F0E239628DDC8A6874AB0E22D6F746F8BD4268E8544B39D7443E8FBD9456A341FD8BE8B333CCE0CF9819E6083CF533EB05A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.785938093349042
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:IdW1w3WesWn3Nyb8E9VF6IYijSJIVxV4NN:R1wxd7EpYi60+j
                                                                                                                                                                                                                                                                                            MD5:6945923300972B5EA47E0598706612C2
                                                                                                                                                                                                                                                                                            SHA1:E5F2A7CF773248575B60E0C53012E028B674E19A
                                                                                                                                                                                                                                                                                            SHA-256:BCC856A3826E500F74A5F6A6C26868D99049E41A8347C70090415FA2193A045C
                                                                                                                                                                                                                                                                                            SHA-512:3505A8D5F660BA87380F6F7CE200CA5A26434502A1784BF4ADF6DC2D7AFD9DBF06C3E76B4BBBFFF2E96D27AB50D4483CD629348738FA51E6B8B6FE509AD08BB1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):24616
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.595041169888453
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:0ylNGlfdqj5531HJTABhf8g2MkO1ICMbmiT2Y4Y3ocWS9sWvW8YsW1gNyb8E9VFh:0yp12Bhkg3qnV/srYEpYi60Rt
                                                                                                                                                                                                                                                                                            MD5:FE7190348625EC55451232FC2D3FB595
                                                                                                                                                                                                                                                                                            SHA1:D141B545D0F3D521DC980631858F1E4EDA517A5A
                                                                                                                                                                                                                                                                                            SHA-256:89179D883E20AE9C91F902F7A97D2086D2F73AE4658C4AF10B98F88DDFB59664
                                                                                                                                                                                                                                                                                            SHA-512:C9507147B018DC03D02A4F6E6706150F4ABAE1208163AFE6B24B36FB8618CAA21474661C424CFA0AA91B76573B4B73D2530014DC4EB67580D8F8FB495D9A2F66
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.853316216137834
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:4HPAW1bWieNyb8E9VF6IYijSJIVxJ5RqR:8rTmEpYi604R
                                                                                                                                                                                                                                                                                            MD5:376862D3F297321F423A4F28169DE6DB
                                                                                                                                                                                                                                                                                            SHA1:4176FCCBFE1121ED76B86DE9FECC8C4FEEEFF827
                                                                                                                                                                                                                                                                                            SHA-256:2E5DC554D21C726495799BD068C3FD882854FA533ECF7D366DE2B055B0C703B0
                                                                                                                                                                                                                                                                                            SHA-512:E9185A15A4544659E22459084A7473884328F1C09BC087348768819FAD39A403F5C9948A571813F096D27FD2984CCBC7EE065E7A1F1FBDB02A7DD0DB9ADA6CF9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.853448956403336
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:J+TxwFqWD7W5/PtNyby2sE9jBF6IYiYF85S35IVnxGUHFCetddDAx:wNoqWD7WJlNyb8E9VF6IYijSJIVxeQ0x
                                                                                                                                                                                                                                                                                            MD5:C4688280A8EB58E5AC6CDD201B202B06
                                                                                                                                                                                                                                                                                            SHA1:F4A67D8693A1AFBC16BB40C21ED6BC3700EFE786
                                                                                                                                                                                                                                                                                            SHA-256:C34591E43D225239F8804BC4E780B9C98FAA60FAC54AF18CF016AB1C952EBB5D
                                                                                                                                                                                                                                                                                            SHA-512:E0BDBF8B6853D6539F5545819E07CE947BE860D8753C27EB8E9647649CEFC0ADD2A2FE1304FDF9BDE712D873162EA7556162A6F6438EB2CD582F9DADA949418E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.864638231153108
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:FGETSAWUEWSWNyb8E9VF6IYijSJIVx6t0y/t:pT18+EpYi60O/t
                                                                                                                                                                                                                                                                                            MD5:975F2775F87D6C08679BC41F033BF2AE
                                                                                                                                                                                                                                                                                            SHA1:9B8441CB1201AB46C5E8CDC24D5370C0AA12F886
                                                                                                                                                                                                                                                                                            SHA-256:8BA82BCD2E912A9E36E18F75390E18F4E6EA6FFEB170A4BD85028F20035D219F
                                                                                                                                                                                                                                                                                            SHA-512:AB9A85D45D593FA7BF1F59196241B7BAB1CB81F0D17E3D72BC5C59BCE9E1D8D98EFE783A5981148D90F9260D9D70E0767DED7C3B8AD2599BDC4B890258B7DBBF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):110120
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5108128247654085
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:XPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/Yb76t:XWw0SUUKBM8aOUiiGw7qa9tK/Ybi
                                                                                                                                                                                                                                                                                            MD5:7CB47D2C6D6A41F40B81FC86A91AE937
                                                                                                                                                                                                                                                                                            SHA1:A82BCC7EE4A91A1D13C30FCC6A8FC91CCED08E29
                                                                                                                                                                                                                                                                                            SHA-256:1F18D0E36EB23A81A4C399240F7DA7CC2A9823338920E677DD674417A4114D16
                                                                                                                                                                                                                                                                                            SHA-512:8C36F363195CDB1F30A4FE3392045D18F884A9E91C8EBE2D78D6C5AAE6461D4EE28044D64C18C3EAC79B8C92C76E22446DFD26A73F07F329B65C1F4B9D751081
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.848632194828129
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:acDagtDApWSKJWFrNyb8E9VF6IYijSJIVx4LsnrdU:aPKBKnEpYi60NrdU
                                                                                                                                                                                                                                                                                            MD5:459770A3E8621ABB77D33F2CF1CBEDD6
                                                                                                                                                                                                                                                                                            SHA1:D785E240353419EFF2DC457A696BC44C5A1AC1D3
                                                                                                                                                                                                                                                                                            SHA-256:248F54212A62DFBCCA1F65E68902F7AFCBE474CCA2E87394646AAA6976DD0C08
                                                                                                                                                                                                                                                                                            SHA-512:0EE526A89B7620E0EC6B98F0F21EC5DAA33A6F468131340E89EAF9486C699FA8EEC6FDEAA7F403FC80C836128A99E8BC2D4483E07D7D0D17F9B8C7B9F5FC3586
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.857847377763634
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:fIWD4WmiNyb8E9VF6IYijSJIVxM0r86kT:f1oiEpYi60rkT
                                                                                                                                                                                                                                                                                            MD5:1F8B2D1E1E3A515E4117B5B240EA998F
                                                                                                                                                                                                                                                                                            SHA1:ED2B96B4309561D3C5289A0C4990EA8B6A669259
                                                                                                                                                                                                                                                                                            SHA-256:6018F6A293FDC80EDADA971BDD4E2D2439916AEBFE6D1104C83DBF49FFC7C9CF
                                                                                                                                                                                                                                                                                            SHA-512:941D3172CFDB57667D0D730B9D12110E12852DE940C4A6BA0DA7E70C58CB289F8D08EE370E386D29370FEF95BFD5D35EC4E328B8AC46C67EDAFB98B9997F50B6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.785369657459982
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:cMWzQWc9Nyb8E9VF6IYijSJIVxN/J4BYxq:c5a5EpYi60pal
                                                                                                                                                                                                                                                                                            MD5:915B94B573B35E3C06E639F591102885
                                                                                                                                                                                                                                                                                            SHA1:FFB099716B4452496B0A93EEB343043B5B7F7103
                                                                                                                                                                                                                                                                                            SHA-256:830AA899765E40B9AD26BB34B6F6AF1CB88219479A1FEA1CFD2DA77DC722990B
                                                                                                                                                                                                                                                                                            SHA-512:5471391199163AC0953AEC472D1A46EC5F32128A2DEC93674AA188173F8D2F0BFDAA8CD2BCB193F9EE0BEBCE0CE4CB932AF19CA1E71804978F82F758EDA74DE4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.724157119947449
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:QxDHKWAMWcpNyb8E9VF6IYijSJIVxlPKR0utc:YD8GtEpYi60Vcy
                                                                                                                                                                                                                                                                                            MD5:F50876298DC3B563DA6826269B2B239F
                                                                                                                                                                                                                                                                                            SHA1:FFC79793CDA43EEC70AB960AE14C6F78810A49BA
                                                                                                                                                                                                                                                                                            SHA-256:91230D54EDC8A7055732CB03923BC8FF55E8A8EED938AE60C44A527D8863D45E
                                                                                                                                                                                                                                                                                            SHA-512:5120E332688893DC089218F9482156190578723E5B394526BBD23BB2899A5DD82E576B5CF766A0B0C31A792DEA8C757AB05F5CC21C03F2AACCE358C7F7B05E1E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.829404767120568
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:wLNBEW6pWx7Nyb8E9VF6IYijSJIVxdT1qe+2P:wbMSXEpYi60pdP
                                                                                                                                                                                                                                                                                            MD5:AFE54DB9A896944978A9B7A11950DF04
                                                                                                                                                                                                                                                                                            SHA1:D168B00E2F65A67620557F9812E62CB02B200691
                                                                                                                                                                                                                                                                                            SHA-256:B5A910596D56F1082F4C3897DC6577331FC0C65E0F5919F45A9CE23D4BD748F1
                                                                                                                                                                                                                                                                                            SHA-512:C0AF4591F27B22D3E8A02A753D91BDC066DC529F59A50A615EF6CF88AE2C793912EBC26C50D05C65376F3A036679B128D715482315A3EE87B95C44BC7831E156
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.886594331713788
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:uKkHKW/tWBpNyb8E9VF6IYijSJIVxkNKuTCOZ8s:TumtEpYi60Wl4s
                                                                                                                                                                                                                                                                                            MD5:B5ED78D6C151FF528B8C1EA4FC01C264
                                                                                                                                                                                                                                                                                            SHA1:66B94A030731A38D93E68D344334CD3DFC79A40D
                                                                                                                                                                                                                                                                                            SHA-256:546783CAE29CD0ED62B742717CDCF601AFED16CC624CB1DA64914C09FBA7A44A
                                                                                                                                                                                                                                                                                            SHA-512:B06AB4204B11F8EF780D8F4EAAB369C9B6F79A4099657C46714423F4B5A5C768201FB0764CECE7362A470415D25F3FF9A80B66C27389C1D1683AC67C7ED17F66
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.832440945277622
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:0LnfIWqrWx8Nyb8E9VF6IYijSJIVx7Dq1bbXVo8:0Df4ocEpYi60gbj28
                                                                                                                                                                                                                                                                                            MD5:DAB87FC6FD24D8DC5AEC95AEBB6DF6ED
                                                                                                                                                                                                                                                                                            SHA1:ED2B6FC9CBF4B412E0382D142A2D95D7E532BA26
                                                                                                                                                                                                                                                                                            SHA-256:9D510D9EBF5BAEF6132BAA15263CD43285A745846CD49AD1F697CF75BDC81E24
                                                                                                                                                                                                                                                                                            SHA-512:F9235636967AD0501F2A20E6A0B4BE42D46A40A04B0A6EFC16258C9C59B8F7846A629EF104EA78A2F0A1F28841AEA2BF8E50DDCC072D97506FA7CBBC6B5233F7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17960
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.67540834837691
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Vh06sbbVVPWU2WYNNyb8E9VF6IYijSJIVxeBJEG:Vy9gpEpYi60At
                                                                                                                                                                                                                                                                                            MD5:C6C2A4748A0358E5E117E5EA92A7A5CC
                                                                                                                                                                                                                                                                                            SHA1:AFA829A0B7CFEB8FE1B4113CA9D315618825A9CE
                                                                                                                                                                                                                                                                                            SHA-256:8C732D6FF6B7171E21E341EBB5DF403A0492F784D5865DFBC26BBAA7EB0C0165
                                                                                                                                                                                                                                                                                            SHA-512:64A8A0495B65A312B7F5228094BD74A3B647F2895C3BE4DF28B65FD1BE214DB85A097AD40FC73B95E622DA56A4EF301EB7BE91B17184FF8DDB1FE8AB1145C763
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.81362702616023
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:1na8WK1WLfNyb8E9VF6IYijSJIVxY4YvO/:1na0ojEpYi60SO/
                                                                                                                                                                                                                                                                                            MD5:1B83C23AD63079909D9249AF270CE723
                                                                                                                                                                                                                                                                                            SHA1:9B69A0EE1F1CB7D51B949F4FC4564309C2B69F6E
                                                                                                                                                                                                                                                                                            SHA-256:DCB0FD8AC602600500A66FF63C3EED2004AF2815AFEF44C17ED7FD56C7A64865
                                                                                                                                                                                                                                                                                            SHA-512:ED020CE93C9F8AFF9B482ABBC39D19FE33E9F1527729262CBA65C8BB7EBAB1FF3936D2970DACD3ECFAA3D70DFBBF01F4CFCF372D215FEF564CB058AC4C0EC9F4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.763739326554534
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:/BSWITWWSNyb8E9VF6IYijSJIVx3mR6pE:/6LyEpYi60WR9
                                                                                                                                                                                                                                                                                            MD5:8701AC62E4798E316D261B8B610ABCED
                                                                                                                                                                                                                                                                                            SHA1:AEFC7E582FD623838E37117D3E1E4AF7A774F205
                                                                                                                                                                                                                                                                                            SHA-256:C6EE477A087AF68BCA366F0F1EB844AF1C1453E710DD5B63BBFFE0365DF59100
                                                                                                                                                                                                                                                                                            SHA-512:EAD5EEC7465E84D8335713AC824F1D99BC0DF721EBA845E0625933A8915CD24AED788FE3C4D17A03BBAAEAC790E5AF4D4B3D69E6202A791ADE2D87B5FD171632
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8758049902132425
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:R88cIIWNoWJiNyb8E9VF6IYijSJIVxJQqeNHPw:R9cU7iEpYi60VeNHo
                                                                                                                                                                                                                                                                                            MD5:673FC0EDF04D3C42EC568DA9B17C41FE
                                                                                                                                                                                                                                                                                            SHA1:E5E4BC30C22AD35A68A30EEBA3E99EA4BCF5CB3C
                                                                                                                                                                                                                                                                                            SHA-256:4AA394D3C7347439434D4839E8CEB3BEB2731D05DEF428FACDF3911BD701556F
                                                                                                                                                                                                                                                                                            SHA-512:EFA56562181FC801B21D4B33B0079020B6BA6D45194C9D5932F9856122CA6F8490D6D5CE48046BF3E48162125FF1998527B123189A11B2190A3FCEA00BD5398E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):22568
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.621496009544969
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:8kUwx9rm5go1fWKmmW4oqN5dWjaWbJNyb8E9VF6IYijSJIVxowXqgrVJ:rrmoFmWXX/NEpYi60b5
                                                                                                                                                                                                                                                                                            MD5:C8A35AFE897C901B54B621BE5527A672
                                                                                                                                                                                                                                                                                            SHA1:A63AC12893B791995A14818C806EE0F59570B267
                                                                                                                                                                                                                                                                                            SHA-256:329BC85D116D0E0C4AC79596A0128BA2504C6CC9AE519D649F5D0DC8BBE12DE3
                                                                                                                                                                                                                                                                                            SHA-512:72313DB7BE5CA2F90A38277AD5339AB3E9577763FE0721D90FA3D186A45E895F4C3B131A7244401E1E80F4A80C136F7EF30AB7D0BA224743BF874CD67AC3EA06
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18472
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.672732671770867
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:E09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsc:lOAghbsDCyVnVc3p/i2fBVlAO/BRU+pu
                                                                                                                                                                                                                                                                                            MD5:312173D3BC4ED8D4C7F8767D11B1C6E6
                                                                                                                                                                                                                                                                                            SHA1:F145617D35C86FD11D4AC4D0AFAD5517A4989451
                                                                                                                                                                                                                                                                                            SHA-256:2919C102D0AB36CD0704AFD5EF642432EF297BC9EBB964FDCC171BF5B0CB7603
                                                                                                                                                                                                                                                                                            SHA-512:727302C6AF63D4FFC3810FF51863B244666DA14517474F175FD39E6CCE4907D13A7A88A95032753DA36508FFD88E25C11236BC22153107D39B2EE6EEA4DC050C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.826444460589489
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:cdYx4AW6RW5wPSNyby2sE9jBF6IYiYF85S35IVnxGUHFt7kRFElqD:r7W6RWmaNyb8E9VF6IYijSJIVxZ7Vu
                                                                                                                                                                                                                                                                                            MD5:7093C8CED5FD3EA657EC1F4FE62999B6
                                                                                                                                                                                                                                                                                            SHA1:8D631D42CD538B4E78E103E968F0E1EAE9A44E70
                                                                                                                                                                                                                                                                                            SHA-256:A58B4E32A90AFE5E787F28541DACEC904EDFCC475585858540B19C4188A3B485
                                                                                                                                                                                                                                                                                            SHA-512:4885195CC867B32C4EA4169FC96554D72FF86D73F9CC95FC2F6AA140709961A2737709FFB840ECA75FC0B3062A2BF4AF3B713239C70F28B6B42CFB963B0D7BFE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.9210346623513805
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:fI5HeWFwTBsWWcNyb8E9VF6IYijSJIVxuKoen7dr:fI5HFwTBI8EpYi60l1r
                                                                                                                                                                                                                                                                                            MD5:599A888ADAA4F03F1137136175A19415
                                                                                                                                                                                                                                                                                            SHA1:1DABEFB8BAA30A1DF687DD1494B6D4223D782B55
                                                                                                                                                                                                                                                                                            SHA-256:42870B417A83F39319F33400D46998FA7D660D6D41E2D507474AD08815FE371E
                                                                                                                                                                                                                                                                                            SHA-512:85F5FF6ADA69B6E4D5CE9A9B5E423E92F028D214DC486D69576224906B6AED183A50586533FB6325079DA8BC6F8DBE82792FB2EE8DC1093E23CB6998165237CC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.890331489145955
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:PAJpVWbfkBnWRXNyb8E9VF6IYijSJIVxnly:PAJpWfkBAbEpYi60A
                                                                                                                                                                                                                                                                                            MD5:5212F5DA16B2E0BFB6F8A2296E33054A
                                                                                                                                                                                                                                                                                            SHA1:B0CF851E00F1AB11753C1FF0757DEE1396465C0C
                                                                                                                                                                                                                                                                                            SHA-256:8FC45810F324091F09DC4C409F3397FD592071837190083306E62CF4491AA79C
                                                                                                                                                                                                                                                                                            SHA-512:2980DF58B47366E637372EF57D4636B9B493FB5974961371853682429518274EEE710C059253925F307521D0BD55BED001C4CDAABB3F5DA2067E2A9F5E56B741
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):21032
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.541043818179056
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:C8R71h7yzt94dHWFgQBVWeHWFyTBVW2dNyb8E9VF6IYijSJIVxRNUr:/1dyAqgQBfqyTBZZEpYi60S
                                                                                                                                                                                                                                                                                            MD5:916F1422863E6E79BE296898E09AE41C
                                                                                                                                                                                                                                                                                            SHA1:0AF138ADB95956E52E636544F37968415B29AEA5
                                                                                                                                                                                                                                                                                            SHA-256:DBA7D8644C6D46E0EDCA62829C09767E20AC8A5E52AD178BB22ED952976A163C
                                                                                                                                                                                                                                                                                            SHA-512:955A43AF45D4262C938AC169EBFD457291DBF650B730D447B8E6DD5C2D88AD60D9891610932E7076103FFB068326C95BC04F475FA3EEB4C063FF500DF044C594
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18984
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.683466650805465
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:dpsBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOWb8Nyb8E9VF6IYijSJIVxZ8obo:bsPMQMI8COYyi4oBNw4tBrcEpYi60g
                                                                                                                                                                                                                                                                                            MD5:2C6D15F1DAC2EBF14D0FB2A2C7A4DDCB
                                                                                                                                                                                                                                                                                            SHA1:A18BB8F315D9321F8016D8E15BC04A6725465B2F
                                                                                                                                                                                                                                                                                            SHA-256:B8FFA01A630F1E0A342EC51036496F1585148BFDCC8FE0BB43E8B46A275A2607
                                                                                                                                                                                                                                                                                            SHA-512:98E2E2CC297812A8FC67B35F5F44C60125920F51C0370C89D17CC68FC7518B43D01EC4175BCAA0236056E2BA6D910239D70E902B3E55ED34DAC4840A0879BDE7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23592
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.318460763867933
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:mbhigwLAuZtM66g/Id7WVXWgvNyb8E9VF6IYijSJIVxdTtl:mbhzkKs9TEpYi601
                                                                                                                                                                                                                                                                                            MD5:3A3C8C03E8B6487E263D7B0F071D75DC
                                                                                                                                                                                                                                                                                            SHA1:F4AC78C21322BF8B8C2CAA36AC3C8483EACD23FC
                                                                                                                                                                                                                                                                                            SHA-256:B3C0425DB497A8963138CC1503336BE3BCD9EB617EE7CC22ECF60E2358A1A237
                                                                                                                                                                                                                                                                                            SHA-512:79A2A9AA6AC194B4CB5F4EA04F1F0C9169AF14151BCE54C8460A5A46366ED7F129E7383AAA41586EFEF6AFE36249A34A174D75B3A2678A2330DC93480231EC31
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.864288429882081
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:sUcX6W9aWTmNyb8E9VF6IYijSJIVx7y535XF:sUchXuEpYi60s
                                                                                                                                                                                                                                                                                            MD5:55D4283CB52E89F9815618E1FBBD05CC
                                                                                                                                                                                                                                                                                            SHA1:AF8C11AD75F0708F531EB8246E461BDFC0DEEBBC
                                                                                                                                                                                                                                                                                            SHA-256:B789D554F02DB5E29069EFB506B3E3D951A5E33CA630B85F12EC676593EDBBF4
                                                                                                                                                                                                                                                                                            SHA-512:C7FCCEE4550AEF7DEECBBAE03454EF8EB1B31CAE8EC33985E1BD71DCD25465F4A73D9920C728088C0EE0147A69D92E5A3073A3C52849A005F34E96094CDCB667
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):41000
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.950245101846923
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:JoBj7kS+8mjvHTeaWKs0Sd4eeUAEpYi60k:UPmb9WKs0PeeUJ76x
                                                                                                                                                                                                                                                                                            MD5:7190AEEF4D2152208FE23AA15A83B47F
                                                                                                                                                                                                                                                                                            SHA1:D833E51CE40AD5F7A3DF04460B3C5EBB8E7903F0
                                                                                                                                                                                                                                                                                            SHA-256:BCC8367E48F9530990714BF647C8F79556F85EADAC98BDF8C29CC2FECD47C354
                                                                                                                                                                                                                                                                                            SHA-512:DECE7D9566EC2F46D00A59D14A7717D6BF6A80E51EB4EF38D059AC7A3DC0D0CC6D731EAA5F770199E76C22586E6F05D7A9E8F540234CEE73C318AEF62AA73090
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.894751959894498
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:aTI2pWPzWmWeNyb8E9VF6IYijSJIVxWxypPVl:aE3bnEpYi60ppdl
                                                                                                                                                                                                                                                                                            MD5:1E749386BCBB0C2CDE9943DA1C26B888
                                                                                                                                                                                                                                                                                            SHA1:78DA8BAFFBF345B40169BE1DCCDAA27D475F7FF6
                                                                                                                                                                                                                                                                                            SHA-256:6D4513B6C865C7AC7A190C24D0CFBC433C94AC85D4F562A1D0A6590F970C8B57
                                                                                                                                                                                                                                                                                            SHA-512:CEF289B0C237E35E1DE3D737CEA9FBC4C64F4057C04B748B3D084124C29924366F7893564D20B1389CD37F770C219698D26534D833F40371497575B737FC67A0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.911553918502177
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Icezoy4W04WGINyb8E9VF6IYijSJIVxmij:IBzoy+kgEpYi60v
                                                                                                                                                                                                                                                                                            MD5:38A6DB7CB798CB523B65AE8483180BCD
                                                                                                                                                                                                                                                                                            SHA1:3CB1A3BD6A5DA5FC4FC222B08866AF114FF81092
                                                                                                                                                                                                                                                                                            SHA-256:11EF185307480DAC3754B67727BBEAE74C6709A437D7D0E8BBC642A3C2A43F7F
                                                                                                                                                                                                                                                                                            SHA-512:66081322B339883F5DBDE57E01552D1868DE7139B70FE7E8AE1061D31420B28F58507EC918333884347C2328862CA9AF431BB71A2C40FCAB1F3456291C0527BE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.795177677038789
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:yH/JWKpWDQNyb8E9VF6IYijSJIVxXuKsa:yH/j8oEpYi60v
                                                                                                                                                                                                                                                                                            MD5:0F6C0A12BFB3ED8DBF456438FD858420
                                                                                                                                                                                                                                                                                            SHA1:0E5A9F3FBF695A223538E4D821AC1F308FAC4483
                                                                                                                                                                                                                                                                                            SHA-256:413F2327A3AE6170709DBC05BE4B677C41AC516446D2883D414B8464268F8D15
                                                                                                                                                                                                                                                                                            SHA-512:97EF267FBEFE42BBA8AD718B4295291A21BC35956E222F6DB3482F4222B44D7EAEA6CCCA6C3F713734F2A9A9410992F16956D3A6AE4B2B8AE351EDF5F6B9E505
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16936
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.745657963583126
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:+TjbocNsWMhWqiNyb8E9VF6IYijSJIVxtLC8y:uboYyFiEpYi60ts
                                                                                                                                                                                                                                                                                            MD5:86A808028274E9D6DF90714621E06353
                                                                                                                                                                                                                                                                                            SHA1:3A47D7A175BE7B44851C5AF8967EC330D2E7825A
                                                                                                                                                                                                                                                                                            SHA-256:8A25793A632ECF02D29D7FFAC07DBEC187B4A0FE9B46A4BA44E6BE5CE3D08E89
                                                                                                                                                                                                                                                                                            SHA-512:20F8F4A9D92528EC742058CAAC5E0B7CCFB36CA5910E5315D9EF0B675626A17A5B328A15CE1269524ECB794C9E4DC4B8AE1121C774FA5628B2E21F944AA71360
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.845358763894717
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:vSKiWIhWG3Nyb8E9VF6IYijSJIVxLp8Bz:vSK8l7EpYi6092
                                                                                                                                                                                                                                                                                            MD5:E971856435385A977E2E0841EB2C15F1
                                                                                                                                                                                                                                                                                            SHA1:2F03E049E9F205BD9A7A710DAB3E143A77CDE03D
                                                                                                                                                                                                                                                                                            SHA-256:D50DE679C339893F84ED644A6A632816D8B1C38C961BC4835C81604318CE7B36
                                                                                                                                                                                                                                                                                            SHA-512:2063A3219789C12308FA04D79380D6D801242292E22DBAA6808727147EDB27A62C4728F0867E91374A5C5FAD8AA98168A66394E23D59EE3D7AE65CD7FB1BB8CA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.786849563106118
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:D0KbZWApWmWTpWSDNyb8E9VF6IYijSJIVxkp8hEXO:YKRyhfEpYi603+XO
                                                                                                                                                                                                                                                                                            MD5:FE9772147C5C4EFB20A6B0F16B53C1A7
                                                                                                                                                                                                                                                                                            SHA1:4D50591115EFE5667CC5CCF0E69ADC730006E9F8
                                                                                                                                                                                                                                                                                            SHA-256:28965739D1C84F05DDFB4C4599296C8F06E33368948F9BA285990986EACFFC2F
                                                                                                                                                                                                                                                                                            SHA-512:30D0D3470993FBF5CF56401703B2FA3DBB981079775E00A1F25CC9BB4228108D862395C05E8C01CFD885C8D7AAD463BFA3948524753F9DD5C6D6CFFCD369BB47
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.874592163148146
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:7b1nWCXWr7Nyb8E9VF6IYijSJIVxnY3EeGFI:n7yXEpYi60XG
                                                                                                                                                                                                                                                                                            MD5:F872FC903187D5D0275C030AC0DFA5DB
                                                                                                                                                                                                                                                                                            SHA1:BB660C49EE9EB96B4EA37167C39A5F299AE49556
                                                                                                                                                                                                                                                                                            SHA-256:F4525AF58D2ED7A084286EB71947F6A29F712250DC2510895311E63BF0B62ED9
                                                                                                                                                                                                                                                                                            SHA-512:D50C68F3EAA788CCCB12E7833F28A5947CB42B6FBE51FE8A39FEC7EEAF6A2FCED526D38510E2F2C81044F378A26D38869EA82C196AA23F90744E629FD6E74A8C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.776067478918499
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:rLyW7TWyDNyb8E9VF6IYijSJIVxRr97pB:3fPfEpYi60v
                                                                                                                                                                                                                                                                                            MD5:2703B21B5529FA915CFC0AB5F733F505
                                                                                                                                                                                                                                                                                            SHA1:0CE6AA2D3345DECAD00A96A1C217C7D8D6115573
                                                                                                                                                                                                                                                                                            SHA-256:66B895DA76E875772D6057DBE0763CB5A5E68D3D806E846C549A0D663914A348
                                                                                                                                                                                                                                                                                            SHA-512:4DBB5556462BDA198CA119777DC89F5A31EAFECDB0B1F7BAD4AF29A1F49E8AD5CFDD08B52C8FBF7DA6352DB062593B1842734194C237D4F0EA93DA986939F2F9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.905928977470625
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:K6Rb32WVzWwtNyb8E9VF6IYijSJIVx0kfw:lRb3dtJEpYi60E
                                                                                                                                                                                                                                                                                            MD5:DDF80C084EF5E94367B10D304CEBF007
                                                                                                                                                                                                                                                                                            SHA1:ECDBCDFE7EFB3FFC837DE9AEA7F364488A73E6FB
                                                                                                                                                                                                                                                                                            SHA-256:0BBB884A72284397444636FC9524BD36A18EB9F08FF0513DC58F1410F4B5E2F3
                                                                                                                                                                                                                                                                                            SHA-512:A590DEEB9B42DE2CBA518A7522FE48620AA4CE9EE4031A5D85F8D7654C6E9B0862073DC65866364B1A49543D6FF9A3D1D2E041D3A7E9E299E61D32E48C1100D5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):31784
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.537588468799282
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:6u5I+sqOylryry8qqIfUc7a5eMEpYi60+a:6YIVBpry8qqIfUcm5eF76Za
                                                                                                                                                                                                                                                                                            MD5:240E33A65BF76FE22C53C51334794F49
                                                                                                                                                                                                                                                                                            SHA1:3DD0F8463267A2817692A2609F938AB4BC8A9323
                                                                                                                                                                                                                                                                                            SHA-256:F1A5E6E1BCD3BA5DF7769FD57CAFB4148F277DC4D01D7E92277932B3207F7DEC
                                                                                                                                                                                                                                                                                            SHA-512:877E2D9132D72E56C15B5653553AC8CB4DEF7E99C93C42F91422B6032CC3BDADFFBA138EB47055C8F066BAABE75C7C9FDD3B4BE478817D3E9442B42E3E3D7D53
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.876610036932806
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Gvn4HREpWiQWtIANyb8E9VF6IYijSJIVxeWDNLPt:ZS/I4EpYi60/t
                                                                                                                                                                                                                                                                                            MD5:800E60AF916F68B7FE83A7BA7977D2AB
                                                                                                                                                                                                                                                                                            SHA1:12358E012D8593AEC3C7B56829AD6FFC3D6AC6C4
                                                                                                                                                                                                                                                                                            SHA-256:F19D8C45F0B46C3ACE374CE95A4DE007BBAB4EFD758E0B919189284FCF441A7A
                                                                                                                                                                                                                                                                                            SHA-512:7C5160DCD50830381D3A3AF000985A397592D2E29055DCD1796E5019B842FEB37681C3BE733FC9A44F2F57C171C4FAA6151CEB6261C3A760504D41F67709545B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.770984279504455
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:u8MjKb47T3UCcqFMkJ59WdtWcnNyb8E9VF6IYijSJIVxo7E:rMjKb4vcGdO7LEpYi60F
                                                                                                                                                                                                                                                                                            MD5:CF3AD5E39C44790E7153D98DBDD75957
                                                                                                                                                                                                                                                                                            SHA1:4F2051AE5E7CBB044D3E644A12A158E3DF25ACC8
                                                                                                                                                                                                                                                                                            SHA-256:E273B1437CA235BAE1882C11AE30E4455D6C1126EC3ED8A5C725C72F2EC0F019
                                                                                                                                                                                                                                                                                            SHA-512:5DC888194516F8CF2898115F82917D72BF959E0E2363E8D05B9673B47AD2E508D3F5AF9B07308AD799A6652C8B8A5ED9C643A93851F554829638FF3B221B63AC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.854623689785651
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:RzyNXd4+BW6FWqkNyb8E9VF6IYijSJIVxDYhgsz9u:sztEEpYi60cX9u
                                                                                                                                                                                                                                                                                            MD5:B7EF0237654140B400D9575B3348A0A3
                                                                                                                                                                                                                                                                                            SHA1:7FB92D1A2A22DAE79495A706D0731BE11F8DE152
                                                                                                                                                                                                                                                                                            SHA-256:21A13851A9AB68F913E6FF595A7A9EEB28C5BB2897E0FD4F4F7D754AA3DD4567
                                                                                                                                                                                                                                                                                            SHA-512:FC8D5BB1488B006907994A9B5707355600FA8EE678F1BC2FDAAC486E880DA1E49556EEFF0E9A3A92059F88850CB74F72DDCB126380D28B6026F932A0D0F256B4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.858929061681379
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:8vs2Q3HKJNrWWRWfUANyb8E9VF6IYijSJIVxm860hHS1cNF:8uM0xEpYi60P/HS12F
                                                                                                                                                                                                                                                                                            MD5:7A8109EB3BDB2109EB3943D308653760
                                                                                                                                                                                                                                                                                            SHA1:E166A011944F07AF9E235CADFE60FC63FDA2C90B
                                                                                                                                                                                                                                                                                            SHA-256:7FC7700777C084406A0408650880D0DC341395CEAC70A1050C97655EAB47A84F
                                                                                                                                                                                                                                                                                            SHA-512:EFB62188F74A365BEF8E9E6DC593CC7A2E3B15C0F60F3F0D921D327D3C58AFD48164B3754DBAD5DC4277FEAA275705A65929818214289344245D9CDBA10AF1DF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.826916157243993
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:dFz0Q6gcqRhcsMWdMW+kNyb8E9VF6IYijSJIVx9JtGHa:dFz1c60EEpYi60LCa
                                                                                                                                                                                                                                                                                            MD5:5CB31F305FA31BBBDE93598B09341AD2
                                                                                                                                                                                                                                                                                            SHA1:3AADCDA2D6A06E01B1D95EA72F54E3DB162F7F50
                                                                                                                                                                                                                                                                                            SHA-256:77C01CBE120119813044E7E4D1E07960099387A3887B3CF7B03438D7A79C6282
                                                                                                                                                                                                                                                                                            SHA-512:8FA8099E5AB4256317E75A70BA658CA3F401A26EBC062588A805402EA0DC0CB9F1BB55839B0F00A17A04E70EE1A206E75337EDD0B5C11643D0351655DED11337
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7212625286101515
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:a6xWA3W4aW/NWQvNyb8E9VF6IYijSJIVxIJgxDJ:aaB/TEpYi60PDJ
                                                                                                                                                                                                                                                                                            MD5:F3BCDE298AE95A6686C51C1533D13DC6
                                                                                                                                                                                                                                                                                            SHA1:6DF2A0B078E68523BB584FC6F5C4C17ACD6DC14D
                                                                                                                                                                                                                                                                                            SHA-256:763EB552EF818E397C692FA1F076F569DECACDC7CA31689B4AE2FBE897163CD1
                                                                                                                                                                                                                                                                                            SHA-512:69528981A1C8684045347F6C600F7CAB9A41FD568606AFD9BC20AE0F958B225C51545E472507556DB3849E4E8DB9C7EEA1568E2DDE0C6209B8721A2EAAE89305
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):73256
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.954346769832472
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:B784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAsk76nwn:B7N1r9KGI04CCAskwwn
                                                                                                                                                                                                                                                                                            MD5:084E3B8ADA8BF97176D8A84E0B2FC539
                                                                                                                                                                                                                                                                                            SHA1:76D7CF8DC99FF5C83D01A540BED2E3516968B113
                                                                                                                                                                                                                                                                                            SHA-256:8F5B110565A224BA914908A2AE8823350253474C9ADF1CC0D06A92671A9AE002
                                                                                                                                                                                                                                                                                            SHA-512:882577C020B22B7FC841862D92A601C645F0249AD597498E5A99557B910244D43CAC74966A396A3BE2469FC503C20F0810C846A52386F8286A38AAF3D924D716
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.853650060576054
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Kr97WquW6/Nyb8E9VF6IYijSJIVxkp9ij:KRJKDEpYi60eQ
                                                                                                                                                                                                                                                                                            MD5:D91F97304DD898E07554CE01739E9C78
                                                                                                                                                                                                                                                                                            SHA1:45D9D0F0522A1097563AB220C10BD228E313B80E
                                                                                                                                                                                                                                                                                            SHA-256:9F5AEA9AF29F645C417EC03D8EDE29040461242C77C70E17F89C3DBF2F2207DD
                                                                                                                                                                                                                                                                                            SHA-512:67BF4FA43ABB88E3B21B7E39D6527250D0020F7A08D0121313A1402F7C7BC6EB25F9FFE434B7B546761B7DD333937A0C7D26C8343D07B180F8C6035A6EC2C83D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.792826561587803
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:F16eWLDWGoNyb8E9VF6IYijSJIVx4nWtt3:H6LbAEpYi60FtR
                                                                                                                                                                                                                                                                                            MD5:0C0D34408ECF8E9B3D72C004CF780C8B
                                                                                                                                                                                                                                                                                            SHA1:01FFD4CA2B40E5722CC33D5E224DD129C6D7F6E8
                                                                                                                                                                                                                                                                                            SHA-256:25289211A3653876FB4B69849866BBE0E9F98FA2772929BA8042832EBED94082
                                                                                                                                                                                                                                                                                            SHA-512:FC8E4AF721E32A4851529BBDD73E4EB3CF21C160F448FFA4A23828726C288B2ABEEBD9CFDA4390A9911A4EAE1D46C6A2FC6B1314816928C5A8163D406C1779C8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16936
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.785088378774488
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:x8G4YC2W+wW8WpwWU4Nyb8E9VF6IYijSJIVxP7/:+GZ5OwEpYi60j
                                                                                                                                                                                                                                                                                            MD5:B11A1EDFB7BF4F8641D9BDBDEFE01361
                                                                                                                                                                                                                                                                                            SHA1:A51FE13BF202E6E7CD3464B0F09258ED6A7FAA37
                                                                                                                                                                                                                                                                                            SHA-256:B82CF7C934C3F91733944171AE4E3E4DCAE53CE6A46EACE871E7BA010CCE9171
                                                                                                                                                                                                                                                                                            SHA-512:287A62789ACD80A7691F337EE9E8080A000E75B46CBA9E1466E047F8AF4F4B8578502E04C21423C1097B82A3381626797E07DBC80FF7C4E294AF0177567008C6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.9002603008267265
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:J6ziqTEkGWvRWH1Nyb8E9VF6IYijSJIVxKPTk:JYT1cREpYi600w
                                                                                                                                                                                                                                                                                            MD5:9E80A264FEFC33F67734AEE3676A91CA
                                                                                                                                                                                                                                                                                            SHA1:3D9EE94141B96C33640F529CFFDFECCFA09111F6
                                                                                                                                                                                                                                                                                            SHA-256:DBE2FF30D10C66A9BF4591A13EC9C07B02D7EC97743C875144505136A4D1DBBA
                                                                                                                                                                                                                                                                                            SHA-512:B2D6AD370724EC0B7E7B6B3CF8BEC7426DD80A3115F73052ABFF13A4159E0BDCC2F7D62DC0164B8300CB695408DAC56C428B1B1C9B825D710E9249CBA0A6FFB6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.810145599200941
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:0Uv7c7iWNCWq0Nyb8E9VF6IYijSJIVxIL59:0M7c1m0EpYi600X
                                                                                                                                                                                                                                                                                            MD5:18791F51B30C35E1854C9A8D29646DE0
                                                                                                                                                                                                                                                                                            SHA1:FFFA650CF69699835CF76CC56B943D038488FD76
                                                                                                                                                                                                                                                                                            SHA-256:05C243E6C5261F112792260F708F2A473E5A2E79B3E022CE525F097751B850F4
                                                                                                                                                                                                                                                                                            SHA-512:557FEE73D55EA194D12E845AA92F1FAFA86FAEABBD2D38321664350733F4EAADAC5A5827D08247FE6EAF07B2FE58760097B8B40988054C5946A88231FCD578AC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15912
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.853949257369427
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:1+vxmNWnRW5TPMNyby2sE9jBF6IYiYF85S35IVnxGUHF8C8n8Q3M:ISWnRWJ0Nyb8E9VF6IYijSJIVxIAQ3M
                                                                                                                                                                                                                                                                                            MD5:3B6EAFCA26AAC70CAC6C873EF5623AF6
                                                                                                                                                                                                                                                                                            SHA1:C3F0ACDDF6193F59B6FD4A467B5EDD6A0F7E9771
                                                                                                                                                                                                                                                                                            SHA-256:2F7DC5A3678E01C11E5B06153CEF63C7638BF7DC8A9EA6E2B9EADCBAF947709F
                                                                                                                                                                                                                                                                                            SHA-512:50CDB22F27529279486A1C7B84E6F4C3770A89A6455C86E9B09407D386DE8E280BF605897766A7D67E5CACA6C4CD7E112BBDBE3EE290370B8BC0115082EE991B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):92712
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.483787905211059
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:/2Ec05j4eAH64rh5fSt5T9nFcI94WYG76v:+lK4eA7mDmWYGA
                                                                                                                                                                                                                                                                                            MD5:EEA74039309D9480AB49CABD8D2F5B1B
                                                                                                                                                                                                                                                                                            SHA1:21A94EED07C9EC10B98DE07A6884D30568C5061F
                                                                                                                                                                                                                                                                                            SHA-256:9710540DDF8CC6CD092612892115D0D539A853B856BA1BB694EAA3719A663A39
                                                                                                                                                                                                                                                                                            SHA-512:5DA9C32494BA499F8F409C7DC6FF1661F1E6635022C90FDA64DABC9297102D693843C8E39BD38E693980342FFDBFF972A526722AF75BA130140DA3917D9788DC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3025099
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999917825476981
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:L/snUpmkynQXrqb091jbpTsZOprMnuzM9HFNX/F8J5fSz+ukPo5O08iDw5ip54FG:LWU0QXOb091RJrL43WYxTM08iDfMo
                                                                                                                                                                                                                                                                                            MD5:108BC29224053A4735170BCB644CC73C
                                                                                                                                                                                                                                                                                            SHA1:9A4B8929E890443DC8204FCCBF4BDB6C6C853A3E
                                                                                                                                                                                                                                                                                            SHA-256:7C7C62702B5A6CA58084C1EC776116D1A7D697D7A104F2BB705676088C8614C8
                                                                                                                                                                                                                                                                                            SHA-512:883D76DD6B1395BB545461EC0A88CF797524F922E8787ABB27CA681ED72FE75C57732C5E17C7181509F98242871B7AFC0398F69D7B04A043EDC21B57DC88482A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):57896
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.173653035778126
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:RJZ9Gx/x4S7IRyh+ngOBF31+ywIsybxluYL6uKjxtYcFm7B6K+EEpYi60Ttc:RJXA3ogMF+KTbxWuwhm7Bl+976b
                                                                                                                                                                                                                                                                                            MD5:CB9890B01A396F64D702AD10F441003A
                                                                                                                                                                                                                                                                                            SHA1:44C086CE6BB8078E252F41F5BECC1CB650FF2F33
                                                                                                                                                                                                                                                                                            SHA-256:1A7194E86B266261501B7ED1AD3EA13FE73DFEEDDCD1BA884894A0155BDBE2EA
                                                                                                                                                                                                                                                                                            SHA-512:6CEA4A2E31BD33CC13A9F5EA4D162B75BED863DB2569B0ED46C7389F3BCDBA3333CDDDCF2EA83C95CE3678458796D4A476F151705CF256E0F4EDBA6CD1CAC952
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1251
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.000868036244702
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JdszvPF7N8OH2//3dVhOXrRH2/dV0PH2/+w3VUrPH2/+789y:3sB7iOgl27Rgdsg+w3Sg+78w
                                                                                                                                                                                                                                                                                            MD5:16D1DF732FB7C3FE51EE9657C5AC458C
                                                                                                                                                                                                                                                                                            SHA1:32CECF6AA8A03E11A967D54C67F9404F6A73D57B
                                                                                                                                                                                                                                                                                            SHA-256:4FC493DA952DF0968311A06FAC3A5D03FBC2351DB77D0D907A1FAFA4ADA08777
                                                                                                                                                                                                                                                                                            SHA-512:1F33ADA48F1ECAFA9238B87A8743C0A92953D123A917E38EC9F7EA7B92A7514AF6F244E4E3F77141D9ABDC11D120641FBDE9318525E0C3F2DC16F6E1D91634C9
Malicious:false
Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>... <supportedRuntime version="v4.0" />... <supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="log4net" publicKeyToken="669e0ddf0bb1aa2a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.0.12.0" newVersion="2.0.12.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <dependentAssembly>.. <asse
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):12
Entropy (8bit):3.584962500721156
Encrypted:false
Malicious:false
Preview:version=26.7
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):112168
Entropy (8bit):6.178481255293971
Encrypted:false
Malicious:true
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):38952
Entropy (8bit):6.3111399953479745
Encrypted:false
Malicious:true
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):398888
Entropy (8bit):6.13429501746206
Encrypted:false
Malicious:true
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):710184
Entropy (8bit):5.960661184398182
Encrypted:false
Malicious:true
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):22056
Entropy (8bit):6.674556786635184
Encrypted:false
Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):64040
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.266505546281646
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:EYDFPV3uv9niVSmzPFX8lpJ6TJPe4TW9Lvu2perEuaRtIvqUl1FHEpYi607zzY:EKC9niwOepJ6TJPeb6NIUFg76Kz8
                                                                                                                                                                                                                                                                                            MD5:735C0F1B3DCB1E83A8C6298CE3354051
                                                                                                                                                                                                                                                                                            SHA1:6DF695211488E5B324FDB5C96934D34226A760F5
                                                                                                                                                                                                                                                                                            SHA-256:B805786E19100ED7896E8B29A0AE1E4C56562C3236DD1F0EF5338926C5FF87FD
                                                                                                                                                                                                                                                                                            SHA-512:97A0A0C2F37B702731213DA3EBCEE9893571F54A9849CF07E620147B2E7EBE4E7095D95031DB4C0D2AF56FA2D1F1A76E06130D51CB117E6C5ADC4AA02DDE9E1F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):138280
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.178438711756712
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:UP3XFz0qjCIIMAxlUXsKovHO420kN1A6C8IJHd:Uh0qjC5RMOHO420kN12
                                                                                                                                                                                                                                                                                            MD5:7C1E36B577AC6CE1790148F8A1DA8462
                                                                                                                                                                                                                                                                                            SHA1:B221CE6727CAF2AA2DE2D3A320CC402AF69F2096
                                                                                                                                                                                                                                                                                            SHA-256:BF0D85183BCFA66BA242B3E844F01A2069E7332C8CF24BEDE7DCFCAD9A3AEC57
                                                                                                                                                                                                                                                                                            SHA-512:280F6AAAF9585B7F17390C21EC76AF4B33EDB29B1331AF78AE65891249CB233F2B42C726658EA37CDE4582C06C3AD8C5227272874186AB4E3A55D8BFB0B8CF74
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17960
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.637457135545288
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:rTO9dQWXYW8a6gNyb8E9VF6IYijSJIVxJF08l8y3:rCn6xYEpYi60k8iy3
                                                                                                                                                                                                                                                                                            MD5:D8258B4140601E682A62B35D06A394FB
                                                                                                                                                                                                                                                                                            SHA1:8EDD41B730DC3667E43C247C2384DBF9E648454C
                                                                                                                                                                                                                                                                                            SHA-256:C89C3ED7B961F0318D780CD95E8758C577B08B168DE9DBDF444D1244CD89B65F
                                                                                                                                                                                                                                                                                            SHA-512:BA07495C9C5852060F4D057F7F630D20B8C3D4C3612EE04B1947C8DF8EE3C1AA9821231FF0C3592978F8F9A9F4EAD03D92D11613388DED93DCA47506242124D8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):52264
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.161978276948053
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:vb0Koxa6kNbCGUThcuqdpN5BZMgWFv6Chh5GAEpYi60yL:n0VBqXNdM1v6sGJ76P
                                                                                                                                                                                                                                                                                            MD5:A074F080BBC54559C13E01E35B436FEA
                                                                                                                                                                                                                                                                                            SHA1:1D0B9B0EDFD2C4EE22D5BF6999A3EBC05231AF00
                                                                                                                                                                                                                                                                                            SHA-256:A8141F1679C90062BE21CC569542404DDB112C435AFB6CB3E64CA8A11D6E8CF0
                                                                                                                                                                                                                                                                                            SHA-512:4E1B6C46B8714F6F9E82B672D548A7DD1F73363199E3FF970389BDBA45870643D659C4489187515705324D4AEEDC331CFDB055F00AE413EDA4D9C38CC1458C53
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1140
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.958392223272386
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JduPF7N8OH2//3dVhOXrRH2/dV0PH2/+w3VUrPH2/+789y:327iOgl27Rgdsg+w3Sg+78w
                                                                                                                                                                                                                                                                                            MD5:082A70376537A2E9B0BD9DFAD8D2496D
                                                                                                                                                                                                                                                                                            SHA1:1B4A667CFB09D050614149D6FD8A283071DC890A
                                                                                                                                                                                                                                                                                            SHA-256:50934981FA1B0066B22261984941887740838459B5CFA06846BA15F39B4D10F9
                                                                                                                                                                                                                                                                                            SHA-512:763212C74B6AB727C6E2C19CA2CDFC547B357BD5E1E5C196A3A2598DCEB316D3C8E8554A7EDD1AFA99FD38E1153EDC383631D2755BB31E70236084CF27C49875
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="log4net" publicKeyToken="669e0ddf0bb1aa2a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.0.12.0" newVersion="2.0.12.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedir
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6655016
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.267118093322128
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:jCMEM0MUMRMxMwMkfqbjxbSzGVr4W11ByHY4W6upIjD:jlV1qKpkfqbjeGVr4NHYJ60iD
                                                                                                                                                                                                                                                                                            MD5:C4AD1B5AFC9FC19605C1D18D32CF30A8
                                                                                                                                                                                                                                                                                            SHA1:7950FC1B7E17E740F3B0F88CD746238A48ABF645
                                                                                                                                                                                                                                                                                            SHA-256:27847B79721CDA829F662198CB36C053B458635BE3E85E9A9265BDF9D37B33C0
                                                                                                                                                                                                                                                                                            SHA-512:38DC58B27393488DF69A3378AB2BC250367186912FC4F7D9D3A3AD1C882763F36E22E2FB2056CEF345B4C13A2930D9A16E556054593577DCEBE5D71258120B4B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):280616
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.691023070642676
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:AG0WgexKpGi8PnJcerXUaxX3HVeES4BEIqTTpX/4ormGpnaVTSGCkMhkEn7GAhC6:AJrycoB3HVeESME3pnaVTS1nh7hCav
                                                                                                                                                                                                                                                                                            MD5:30B0542E627055A7D48687D541A9E6BA
                                                                                                                                                                                                                                                                                            SHA1:E12D2EE08CA0566A037824C3D6F4F316F088BD03
                                                                                                                                                                                                                                                                                            SHA-256:170BF6875CF59E62A72FC2E414EA7F1364F9819534D5EE9E453C96E6863BCC35
                                                                                                                                                                                                                                                                                            SHA-512:2694B174D93D13D2C3CF087551CBDB822548195D9582427B20AA9A2D6E1E1DCB362B4612C5D539E9E567812DD589B227738B3B4A631B4A9D3F6AF0E4549584C6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):342316
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999331258360695
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:Ir6VUI82xfkgpWrvL/JVW2L3ukK29GSya5GZ7F2vtVygTNBr6VEZGqTkxU4sAQgY:Ir6+jAfk/rD/J3Lun8EaekVcgTzr6GZR
                                                                                                                                                                                                                                                                                            MD5:09447F135F7F4486C165061CF443C569
                                                                                                                                                                                                                                                                                            SHA1:3AD4264DB3112F845D35C112AABEA9CBB2E21AFA
                                                                                                                                                                                                                                                                                            SHA-256:0142E2CA4F93C9631591065DC53944A86E4B961620F4FAF1FE8B61A8B2867C9B
                                                                                                                                                                                                                                                                                            SHA-512:BE678FB5CA389198A5CC474C8E9E9D0C79A92A582CB81325B13D8BE226725AD04FAA6ECC3B4B7CECAEDAA6F15EC13F01C0276100EE19FAAF0A1B1DD7D061F31B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):72744
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.510938920637226
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:r8V3tfciq9s2k7Xvpci+yLYCJoUu7Q6P+O76q:klPna02B86P+ON
                                                                                                                                                                                                                                                                                            MD5:67FEF41237025021CD4F792E8C24E95A
                                                                                                                                                                                                                                                                                            SHA1:C47A5A33F182C8244798819E2DC5A908D51703E8
                                                                                                                                                                                                                                                                                            SHA-256:C936879FBB1AA6D51FE1CDC0E351F933F835C0BF0E30AEF99A4E19A07A920029
                                                                                                                                                                                                                                                                                            SHA-512:232015FE6BEE6637D915648A256474FC3DF79415AC90BABDFC2E3DED06C2F36FCE85573EC7670F2A05126AA5F24A570B36885E386061666D9EAA1F0DA67A093E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):541
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.097123194334321
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:MMHdGp2VvOF9LNFF7ap+5v5OXrRf/2//FicYo4xT:JdsIOvPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                                                                            MD5:D0EFB0A6D260DBE5D8C91D94B77D7ACD
                                                                                                                                                                                                                                                                                            SHA1:E33A8C642D2A4B3AF77E0C79671EAB5200A45613
                                                                                                                                                                                                                                                                                            SHA-256:7D38534766A52326A04972A47CACA9C05E95169725D59AB4A995F8A498678102
                                                                                                                                                                                                                                                                                            SHA-512:A3F1CFF570201B8944780CF475B58969332C6AF9BEA0A6231E59443B05FC96DF06A005FF05F78954DBE2FEC42DA207F6D26025AA558D0A30A36F0DF23A44A35C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:WhXRLW:WBRi
                                                                                                                                                                                                                                                                                            MD5:B22628235C1F44AE054091C8FDC82D23
                                                                                                                                                                                                                                                                                            SHA1:70C8E5ABD9D2D8A18B769F6E71819FB53B273B9B
                                                                                                                                                                                                                                                                                            SHA-256:B31673E38897D5D84558E2745D02C553649A50063A9F0E7DE7E71BBA89916232
                                                                                                                                                                                                                                                                                            SHA-512:C1097690938F3EDCBA20802DFB77880FB29D1F8B70C62FA76D1828613D57355FD04C0B3D26DA90128DB2DF2E63E4E30C8E195B84452C0931B8CB2F043D5BBA98
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:version=24.3
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):96808
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.179705686579105
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:FJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvO1762s:FQUm2H5KTfOLgxFJjE50vksVUfPvO1m
                                                                                                                                                                                                                                                                                            MD5:C548EA0CD65F5981C2DF82A0177A9D3A
                                                                                                                                                                                                                                                                                            SHA1:5D082BC6BC2D1F2267AE8525F3A528A0B58C3161
                                                                                                                                                                                                                                                                                            SHA-256:BEAFAA0CF51CE914B58482094044A6CC742C3269431A812D5683CA3034ACCD84
                                                                                                                                                                                                                                                                                            SHA-512:530AE2069185897612E0129135065954379F75F6C9F9DAEE3F7D9DFE49C7CEAFC8807DC866591F39337410FAFA76733705C316912F3A12AE85565ECB775476F4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710184
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.960555604702895
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:UBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTU4:UBjk38WuBcAbwoA/BkjSHXP36RMGN
                                                                                                                                                                                                                                                                                            MD5:1792F462B4908235FBA6B3B4B2203276
                                                                                                                                                                                                                                                                                            SHA1:E1B0CF8559C330377E2DE7FEE9FCC0FC3D34566A
                                                                                                                                                                                                                                                                                            SHA-256:8CA1C3651A6F118C80E712BCB9C44031EB3D8C7180A60EDA5F2B24A0584082A9
                                                                                                                                                                                                                                                                                            SHA-512:7AB9E256A4359A5560BD8C10014591F350F2788F72693234C16AA0B75F95F9EE3CF5E219B97A33944A5E730202BD355064885FD060812EE150107FFC84C92F65
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):86
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.093367190945229
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YhKSLJf2B4VXdkSTVlG7oPJNFH6qJYCnf2RO0Yj:Y5fVQAxrH6qmCeoF
                                                                                                                                                                                                                                                                                            MD5:D2C5A57AF502FA7E20F586BCF5E64ECA
                                                                                                                                                                                                                                                                                            SHA1:BB2F3914753DF5F9D476711143F4124758CE442D
                                                                                                                                                                                                                                                                                            SHA-256:3DC7AA0B5D009A61C4571C33BC3712EDF91773DDC4FAACF6AE481B99958D2F58
                                                                                                                                                                                                                                                                                            SHA-512:73F67720B4636BFB810E51FAF65902B97BC2996C3AA753843444CA90D39ADBF6AA713562C9665309DB20B20C4973E20C98BEC883F28593DF67C47C42962AB2A4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{"DownloadedAt":"2025-01-17T00:11:07.6669745-05:00","Hash":"nNa6OtJ9rJZ/Bzy8rYj++Q=="}
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):88
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.920134892428192
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:MXXQuVfR5FJKE6LGKWqKRLXsmfWoVUgXAQJ:MHBb5FJflKWqKRLX/qK
                                                                                                                                                                                                                                                                                            MD5:16CD40806C56A403B45DA4928FEB9CBB
                                                                                                                                                                                                                                                                                            SHA1:0ADD209A1A6010205A5272419F7AB0519B704674
                                                                                                                                                                                                                                                                                            SHA-256:D870A13ADAD2CC16B36D2C336D91C8D8ADEB5B5C4869B1476D7DB5043702F42D
                                                                                                                                                                                                                                                                                            SHA-512:4DCF5AF5F4458BED8C96A6BFF72EC527310FA40D665F46B5D4630B08A8800527E0018F4E0DD3B2633A441B209367A24B6A672A9277ADD9B85EED32BDFE940658
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:..14/01/2025 11:03:40 Downloading installation to: C:\Windows\TEMP\SplashtopStreamer.exe
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3264840
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999888526840204
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:98304:tXocgF/bGeL2rNCmtrWUw5WjYtwmiwzYi:tdC/SSg9zjYtwhwl
                                                                                                                                                                                                                                                                                            MD5:8E70AF11D0EE2ABE139B40D67E70B73C
                                                                                                                                                                                                                                                                                            SHA1:18582E88E16255D5D267904BDF0357EC9FF333E0
                                                                                                                                                                                                                                                                                            SHA-256:5C687ADAA48B83DE220E8489E0CEB0093BE1F94260750C8D94A1B8497781327E
                                                                                                                                                                                                                                                                                            SHA-512:3A845ED4AB368B0DDE7E98D77FB796E9070F6BB9472EA833E52B19EB5BD47260E0B288FD3C8D19235BD9DED6F7B11EA10985AD871C8F5C82751249301D3EE4A6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):33320
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.272339196658384
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:a2G6bukIMKWcoIQEIhL4lylU9OfWtkfoi75yHiDMMXpO66REVmlRSNyb8E9VF6I+:PLKF6EIR4lXsIEDLseVmlRyEpYi60+D1
                                                                                                                                                                                                                                                                                            MD5:2EC1D28706B9713026E8C6814E231D7C
                                                                                                                                                                                                                                                                                            SHA1:7EF12A01182D28A5EBF049CC1CB80619CD1E391A
                                                                                                                                                                                                                                                                                            SHA-256:C9514BF67DF87AC6CC1002F3585D5B6F7D4093A7A794D524FA8C635F052733DE
                                                                                                                                                                                                                                                                                            SHA-512:9E23588DC6D721F42E309974C3F3089F845F10D1DEE87FB26213BA3810EE3C272D758632CF1C9157F6862BA0E582AFC49C1EE51540461F41840650F216F35AEB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1537
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.0063120500114895
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JdsIOvPF7NhOXrRH2/dVxlPH2/FVQ7uH2/FV0PH2/+w3VUrPH2/+789y:3sIk7O7RgdjdgFSagFsg+w3Sg+78w
                                                                                                                                                                                                                                                                                            MD5:C3CA0AD8FE91D02044029A11A9480B1F
                                                                                                                                                                                                                                                                                            SHA1:1FB4C1063460C48AC77D3D4702697A35727A5E51
                                                                                                                                                                                                                                                                                            SHA-256:B2AED8BAB56D0FDBD1D6F1277A3257DFFBFD107BEB19320C0D1F4DC0E4AD3AEF
                                                                                                                                                                                                                                                                                            SHA-512:50B18B6DD91CB691C8B77AB612A7172CE59881705A52F59880A29A0F81E910A61D3D4506AB53B1F945611AFE079B96A896F3F01442D3B68801B2748C68AE01F6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.418295834054489
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:WhWA:Wp
                                                                                                                                                                                                                                                                                            MD5:9A5E9A329E4E73E0C499371205A810DB
                                                                                                                                                                                                                                                                                            SHA1:5B6D85657D4ACD89867283FBE372E9E85C30686F
                                                                                                                                                                                                                                                                                            SHA-256:D109087C4CA318CAD74B7560C32594D37181885ADBDC9348BA1DD35D47B35B92
                                                                                                                                                                                                                                                                                            SHA-512:02BD5261B9E795ED5A07BADD65A6CF71D18751452FB44BDD424DFCC6C50BA7441E0066B125E731018FD6F1A8A002AC4E6961C7EFF21C36FBDA58C8015A100C43
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:version=30.3
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):112168
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.180159202167914
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:BgssVbDRgWchiMWXRIe0ZMTR8U3XTknAxb2waOn3ybQgLbYpm8GRUdokEWUpj76y:BUpviy8UHTRxrybQgLbGm8FUpjR
                                                                                                                                                                                                                                                                                            MD5:5114EBB60AC0416A62499F4CB632FC87
                                                                                                                                                                                                                                                                                            SHA1:2E38B97A6A1EA9B36F64339DD7FC3C58083ABAA6
                                                                                                                                                                                                                                                                                            SHA-256:CC93928F16DADCDAB232332825BB744CD1E6AEC55E59EA14977AEF413EACD0FD
                                                                                                                                                                                                                                                                                            SHA-512:07E673BA52EE82C59E6C3FFC9CF95F39BBFB7903E449A9AA49893879A94A61BB9296D653631DF5FEEB1EB9787512C6008901054C5A2509EDD7132F9477309942
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):145448
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.2032780562233345
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:hRdbKQx0YYK8gwbUEA5xZs0vVV2yzlhXhYThkyFqhtuElLVwkVJe5K+Q7P6IlIhj:X9XeDmzV2yzlhKLFU1lLVp1+2flYFnQi
                                                                                                                                                                                                                                                                                            MD5:4423EF97B513D7BA0D2EEB1FCA4D28E2
                                                                                                                                                                                                                                                                                            SHA1:7BD205977CBA7A6C21C89C5C9FEAA010B9C9298D
                                                                                                                                                                                                                                                                                            SHA-256:EEC63220063690D7D953A1FB8F3798AE7D277A36482AD4EB804D526A7FE7C71A
                                                                                                                                                                                                                                                                                            SHA-512:316C3C0478FC11FE7C94A31F895E7084FAD4F7C9ED08E19DD30536038FFA80C2B7AF769AFC9C51A2EABDBADA71912BC685E62FFB1123207663F9079BA4D96BFE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):38952
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.310169343696597
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:eINsi1A6I1MLzHS0+iFJBn5gpKNEpYi60wgVK:XNsii6v/HS0+OJd5gpKm76tgI
                                                                                                                                                                                                                                                                                            MD5:FC2E2EB6AA0EB01DEB3D5DDE95216C5D
                                                                                                                                                                                                                                                                                            SHA1:11DAAA7ED638922C8CF473A4FF3BA56224510BFE
                                                                                                                                                                                                                                                                                            SHA-256:862AA98B7C3A28A5B8377BA18BAB84D1D8D289A2EE5ACEB56DE43176CCDEF1C8
                                                                                                                                                                                                                                                                                            SHA-512:A1216C57AE85612F2A48FB7988B61B449343963EF273B26CAE74D1AB18790872961A8AC2EDCA389B00C5C85B82B645F218F784F98F4F6125E6D3B7E00B7E45B1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):29224
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.670756678192546
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:3mYaXzmSJL6guJrdvc5tIZmQCaBj4QU3hOTVTDvAGvoOCcdcOFyF606Nyb8E9VFL:1SJh5tIYQzT5zyF60aEpYi60uc
                                                                                                                                                                                                                                                                                            MD5:54A2B1EC2667987A308A52DEDF33C0D5
                                                                                                                                                                                                                                                                                            SHA1:556461805105DCB765B7DC5D0E110B82908226DB
                                                                                                                                                                                                                                                                                            SHA-256:1C9A08BC7802BD9F2486B4C967DF27729AE8805B0B6664A257C951ACA199B04D
                                                                                                                                                                                                                                                                                            SHA-512:28A478AC767843924D4B90D42F3A40F033971CE0EDEC7D94BDB86C2659B8605051983C7F9B8223961D1866364F78DDACB6D613F09BF8ECFC1A209D3515FCE264
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):219176
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.062824781472667
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:nYq80gPJle2CpcKyudA1+PVtMG8e7sw9CcHvhlt:nYqqbe2CSod5dtM8ww7PB
                                                                                                                                                                                                                                                                                            MD5:9D744C31089704B1130E09E63B0A77EF
                                                                                                                                                                                                                                                                                            SHA1:5EFBE59068AD3C09B29565F5A117347F5B85D0EA
                                                                                                                                                                                                                                                                                            SHA-256:D9B9EFAF5C6B1D3EB726EEE5B6FE1517B4693C4E79BD9D36D3D9FB4F56E01E1D
                                                                                                                                                                                                                                                                                            SHA-512:E4456196C56B43ABA2A804694B6177A6EB78D035BD1AD9A0163BCFDDD6FCF75C34AF08C849A8086B78347141C798A050FD33BD02CFAA1BCF679ECB928737D3A4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):302120
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.175844791268153
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:9tDIk5C5mx115y505H0jIfJMSFk9X0jIfJMSFk9y:fGwJMykwwJMyky
                                                                                                                                                                                                                                                                                            MD5:24E35FC5F23B651ED4C828208990F6B8
                                                                                                                                                                                                                                                                                            SHA1:F7E295866E30105C0E9071B00A77EEC79F60B699
                                                                                                                                                                                                                                                                                            SHA-256:CA054D78E0B23D9EE4C0E42C8F12AE9065D3D0DB4FBD5A535CA2E61FE8FF7D93
                                                                                                                                                                                                                                                                                            SHA-512:E5F8905116BFFDDC60ADE11ABA3733F52BE6FAEA7C1AA57361BC9A395D770D478A1D90D729A94A39171F7D8EF5CF25F45EDF70470A3ECD6AF8C0DC27F1AE3078
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):432
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.0141792226861375
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:MMHdGzNFF7ap+5v5OXrRf/2//FicYo4xT:JduPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                                                                            MD5:8F6EB9E75E6A6F0C0D58FB697C10CEDF
                                                                                                                                                                                                                                                                                            SHA1:6944935DFDC33E0C6DB26869BF25EDA85A2622D8
                                                                                                                                                                                                                                                                                            SHA-256:E2B8677434501735FB0233ED0CC2FFEE5BF6FB4387C51DBCB2585A70E42E4F08
                                                                                                                                                                                                                                                                                            SHA-512:A946252B2E3705EAE751A2672D4ADE1499ECEB28C48B4BE6150C4201EE20A7B9A4450C75E06B07F5DAA3528041A566931D988FBD0C2EA90240D61008895BA44A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):215080
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.030238846720031
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:Z1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7sw:AIzm6pOIgvr7p
                                                                                                                                                                                                                                                                                            MD5:F4E5A12570C546887839144E366482A8
                                                                                                                                                                                                                                                                                            SHA1:44462E129DD9DDF05623BBE3437FE64821F14787
                                                                                                                                                                                                                                                                                            SHA-256:3CA6DCCBC420E9100F3BC9B3BDBEA6973816C62B8DC2A81FF22F6E842C10DD35
                                                                                                                                                                                                                                                                                            SHA-512:8AD5A8B20B3EA96BB5044543D4556AEC224BF343023EB4C5CDD605EC8CA5A7E9BE329E71D9421268CD7FD4B0CA476C102AE0E4F6AE002363B15888D7DAA9E7B3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):398888
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1341588755904635
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:ZjS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/Zmvnt:Z+e55LgIkTmyAAfTnMLvnt
                                                                                                                                                                                                                                                                                            MD5:0F550F1F92AA94E930A6C68D805699C7
                                                                                                                                                                                                                                                                                            SHA1:BFDAAE802A1479E01C0FB5165B7ECC951F82117F
                                                                                                                                                                                                                                                                                            SHA-256:9DD7542BEFEDA3649F61AFAB2D82C1D8B26115F41E864A2F8264E709FC91812D
                                                                                                                                                                                                                                                                                            SHA-512:5567706E01652BF7C7F56FA3FA49547D130CDE23AEE116E706F2868079011C5B263E5CC604B5662E1090B7AB2ABC205024DAAE484C836D6882E7464FBDA85E06
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710184
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.960676959152574
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:NBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUgA:NBjk38WuBcAbwoA/BkjSHXP36RMGJA
                                                                                                                                                                                                                                                                                            MD5:E9108FCACB095ED2823F69BAA9ED1D93
                                                                                                                                                                                                                                                                                            SHA1:EE25D1E059F0CE1ADDD5E4B7A03853B36C884400
                                                                                                                                                                                                                                                                                            SHA-256:0BA7E4BEDA6C8C7A6B877FC2B7E0B6F8A8F507658FCA54A912F8E45554C182D6
                                                                                                                                                                                                                                                                                            SHA-512:21AED55252C9274266EB2CAF51D5B92762071E0B332CC5DDE7CC32C1782FA81B1140BD0F635016C6FEC0C4A172109825CF6E5EE5A93C6F0B1863CDCEE053AA4F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):154664
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.990887534367274
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:s4wM6OoRu7qywKsqxhDuPr5xJMnOfMAw3TkHjt0QQNOWIkHUsz72otHA3Qe:s4wZywKn/U5xEwKIk0W1e
                                                                                                                                                                                                                                                                                            MD5:82B94D333BAF35B94599C989A1A8EECA
                                                                                                                                                                                                                                                                                            SHA1:5DF13E96606E67B4D5275D3BB91B9A95AFD31617
                                                                                                                                                                                                                                                                                            SHA-256:BB8180CBDF1CDC7E7EBC4D23DAE6224F05145EA2605BF76D18D49983F4756E04
                                                                                                                                                                                                                                                                                            SHA-512:1EBBAC94643FC4D3A74230A006478F1D7DD6A8BA8F8608D7B69DE5C92E9BD3182CDB4183345C73B48B3752D04C060CE42ADB7E3A8C1A9424ED47364E4FE837E7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):22056
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.669568565502546
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:JrMdp9yXOfPfAxR5zwWvYW8aznNyb8E9VF6IYijSJIVxAPc:JrMcXP64LEpYi60F
                                                                                                                                                                                                                                                                                            MD5:E5E7EB1598B17C8373BC0F0C5F937840
                                                                                                                                                                                                                                                                                            SHA1:469D0F5A911EF1C80FC0E328F9E76A34583BB31D
                                                                                                                                                                                                                                                                                            SHA-256:B883AFE3544A92BD429BBA8057F7C4AEAD683739E91F2CCA8F8147FE3327428B
                                                                                                                                                                                                                                                                                            SHA-512:B2971B3D64578564F9A9DEC3616F85570C81AF65C596BA94A21578611C0DD3A834F5964636C4A10264D4A29B2EC2C74BED768DB4992CA2A43313025641BA932D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):420392
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.109465884923044
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:q5douWvsWkOfjL/MEd6/7vfA8SCW1nFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFr:qpjblhW1L
                                                                                                                                                                                                                                                                                            MD5:EA5C50754B3A11BE9489EAB04AB81031
                                                                                                                                                                                                                                                                                            SHA1:A46386934C9D629956668F87740E4DA4147E07B7
                                                                                                                                                                                                                                                                                            SHA-256:08A76A996C91AB785E4142621CDC3254B47175EC3A33FC8C3513ED8DFF554958
                                                                                                                                                                                                                                                                                            SHA-512:AAA3B07127EEB6F2E058C6864248863D4BAA83CD4683791AB82C507E57EA2EEF6FD78C1FA29640CDF583EC12F8C13668F4D8DE79BF4387711D7EDBD28B826344
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):64040
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.266365839467569
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:PYDFPV3uv9niVSmzPFX8lpJ6TJPe4TW9Lvu2perEuaRtIvqUl1FHEpYi607zw:PKC9niwOepJ6TJPeb6NIUFg76Kzw
                                                                                                                                                                                                                                                                                            MD5:55DD167763EB9C4FE8709C21FDCFECD9
                                                                                                                                                                                                                                                                                            SHA1:A634B0897ED97161B62FF14B15B9AF9FBB760C7E
                                                                                                                                                                                                                                                                                            SHA-256:970011EE897E5BD415A4D70641B6ACC58F0656CB7F87E7C529B90640E1068C81
                                                                                                                                                                                                                                                                                            SHA-512:9F65B7AA10E046D0A64C67052DA8814BCE027239960B8768FF69922B90938299815A4D9D024CFABA296EC0EE2C9DC1FB2B6F8BAE9601235BB7BC34B6237C886F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):142376
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.160369825867044
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:RUGrszKKLBFa9DvrJGeesIf3afNs2AldfIlqI:IBFd3/aFs2p
                                                                                                                                                                                                                                                                                            MD5:817FAA0EF87B090956DC66ABE717C2F8
                                                                                                                                                                                                                                                                                            SHA1:80C57CE1204908B0CD8BF696A9E54C55BF1C018B
                                                                                                                                                                                                                                                                                            SHA-256:0EC0A4222FFAD1F56182B48B6DC62906A3354912B52CB8B5974D5DA6D0AFFF2E
                                                                                                                                                                                                                                                                                            SHA-512:1B04F84E46D7C3894FE9437F3F1E35560FDA773D60413D5F607DE08409DAFBE241249145EC056871CA55B425E8CC39AD44F56F0D1D517149A902019902E7F6C5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):110120
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.510600631729483
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:kPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/Yb76dH:kWw0SUUKBM8aOUiiGw7qa9tK/Yby
                                                                                                                                                                                                                                                                                            MD5:0325D05CE325053B86538BAE3677D036
                                                                                                                                                                                                                                                                                            SHA1:F6BD3CE0E63F1502FCA3568F9A2FE8EE610A02F3
                                                                                                                                                                                                                                                                                            SHA-256:E4A7BFBAB82F5632AF35A88392FD163F2B994FDF6898BE36166CF59D1DDDD32E
                                                                                                                                                                                                                                                                                            SHA-512:0E7ABF0C24153D4924733DD6A6B867C68439FF58DB0DCB09A11033CDF9D93317C06876971936A35244E0BD4A751356781BA23F7B9F8BBC82C3EE27ED9ED829B1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17960
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.6730203845205205
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:gh06sbbVVPWU2WYNNyb8E9VF6IYijSJIVxeBZcyP:gy9gpEpYi60AZn
                                                                                                                                                                                                                                                                                            MD5:43D2A25330C937DBE092E763C728857F
                                                                                                                                                                                                                                                                                            SHA1:FACA5B0028E066D20DD60BFC381E64183BD1EAE9
                                                                                                                                                                                                                                                                                            SHA-256:7D38BCDD5A122941DA48F3B3464ED2BB2B3DE6AFCDAC951FBAFE827CA3A179D6
                                                                                                                                                                                                                                                                                            SHA-512:43A7F23EB47AB06C231447619E71764853C7F47AC13071A5F1237D477CD5AFF4DD413EE8F60BBD21C5D96E3DD29C494802E71FE69B836FF679449083BA6C6E0E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):19496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.523503501017087
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:TyPa16oAL4D+wW9IWmDIW4IWYDa9Nyb8E9VF6IYijSJIVxFXao3O:TWs6oqDjADKeDa5EpYi60t3O
                                                                                                                                                                                                                                                                                            MD5:5CCE0A003A3B4E3FCB05AD331737A629
                                                                                                                                                                                                                                                                                            SHA1:F227F3D440B87FF6CA1DFCB05DB858422B6FB586
                                                                                                                                                                                                                                                                                            SHA-256:98195B6ADD5D1B7357CF9CEACBC47180934050CD1F1CDC30D728CAF933F1F94D
                                                                                                                                                                                                                                                                                            SHA-512:4A210A5ED4F406D7350DDBB9EE969F93F1CA3168A8034661927297319D778FEF95434E4C6D8981FDD17573C42DE013F7C765A39D9EFF8557932547DE47061C6E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):41512
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.408720053739074
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:ejfAw5tisE7Mkvwtwq6uUQ/B0X5tl9wCVjkz3pVS3Upoztj9FgNyb8E9VF6IYij/:eksE74GX7nwOa5VS2ozd9FYEpYi60F
                                                                                                                                                                                                                                                                                            MD5:7ADB4990E3417E540A8BA94265B3BB05
                                                                                                                                                                                                                                                                                            SHA1:DC9040A3E3DBA544C34ECF8B709C41479390061C
                                                                                                                                                                                                                                                                                            SHA-256:776D914F78177BE94DBCAC47AD3E9D97D9E31208F474A828540EE60E695C3577
                                                                                                                                                                                                                                                                                            SHA-512:8EAEBE99366B7428281B1C0D87030C17E726E8B5D239F00DD29FFAA6F95C27FF443206488B6D08108663B6290F5421CD2BE34BA978BA6E4D94AA2F4CF197761A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1547
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.008195800038022
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JdsIOvPF7NhOXrRH2/dVxlPH2/FVQ7uH2/FVruH2/+mV0PH2/+w39y:3sIk7O7RgdjdgFSagFgg+msg+w3w
                                                                                                                                                                                                                                                                                            MD5:029F543956E8B235A70112C77912150A
                                                                                                                                                                                                                                                                                            SHA1:8F8916C78D9D3E5F92C37BDD39D34CD3B79BECA6
                                                                                                                                                                                                                                                                                            SHA-256:33720B1985FE3F07F13744963085FA641F452EC393C3C8987A6023D0BC493BD1
                                                                                                                                                                                                                                                                                            SHA-512:CF6EF25E7FD7E0B04A4F76B1552621874DAAA43838D0C028E62D1AABFFCD57AC7086A174BE9D5AF283DE8E8F09B5B40505478978102A1D8351681532B3828A38
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):78888
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.073747946605879
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:zEgQIe8mLShsE0EGB3GsoTcvlYksQf761:zleyi5ErsoTcvPsQfe
                                                                                                                                                                                                                                                                                            MD5:41697838D5D0D8EDA1411C981C9B29A5
                                                                                                                                                                                                                                                                                            SHA1:6895F922F9EAE7C86C44A123F68BA4047C8E84C2
                                                                                                                                                                                                                                                                                            SHA-256:308EB6E0401D6C30DCB17A1740A9F83197E1A82EE3B885BEBE9D840B6110DC18
                                                                                                                                                                                                                                                                                            SHA-512:C6031B6038D9EBF5A623C482EE034473D54001EF233AE4DBDE9F6AF5C52BDA29FC517B7959D4FCDFD0379AE89C4B60E5E10C6DB434A2B9E44918E4B266AE26AE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):953
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.9874198404771155
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JduPF7NhOXrRH2/dVxlPH2/FVQ7uH2/F9y:327O7RgdjdgFSagFw
                                                                                                                                                                                                                                                                                            MD5:8C9F9547ABA4CD154FAA858695986C4E
                                                                                                                                                                                                                                                                                            SHA1:667630B8AEA31C20C20EE569983B73028F0DBA21
                                                                                                                                                                                                                                                                                            SHA-256:7DE06E53089587194D3669B5F2050B363CC2AC1BC66F0537EC4D7AD94357D46F
                                                                                                                                                                                                                                                                                            SHA-512:C305E923A197E2C39813D423FE50D94F183E932BCC66DBEE5667AD7F4083254D50510E35ED3603555FEB4C42F580C8A1FA3D1568CC7305D22B79AB406607F836
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):350760
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.90589251015886
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:4O11JSb/jb5LEH8VAynnnnnnnnnnnnnnn82Bw:e5W
                                                                                                                                                                                                                                                                                            MD5:7A4CBB0228E97071A39E075AC95186E2
                                                                                                                                                                                                                                                                                            SHA1:3711A1F3F76428AEDC2647532575C37A1629AC2A
                                                                                                                                                                                                                                                                                            SHA-256:373437D726DD953113E193FF4028C77AA462BC8EAB53E4F770889746652C3958
                                                                                                                                                                                                                                                                                            SHA-512:EBD2DBE33B6346D020BCE651664B903D31BAFBA4968F8EE8983E38C9EFF8EEA928364D7406945258CF35E805580B125160D061510F16F95900C3CFB276F11EC0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1786
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.998101412964689
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3sIk7O7RgdjdgFSagFgg+msg+w3Zg+wBw:8TizwzH
                                                                                                                                                                                                                                                                                            MD5:DACBD4EDD0163701F63ADA3E81D8540E
                                                                                                                                                                                                                                                                                            SHA1:219647896B3575AA8A07E2903D50304919C27CA7
                                                                                                                                                                                                                                                                                            SHA-256:DF0FBC7B2A5449681549C81B7EB77B2CE8D3C0C62244C39442A73A0291124BCB
                                                                                                                                                                                                                                                                                            SHA-512:5C725DEE661DF9FFE6D3723606FAF98F0B16094DAFC011CDE062436B351671E952A2C6CFA218E08785DBC2E69E97EC8218E1447683C1450C5BF9CCDC75C2EA73
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):350760
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.90589251015886
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:4O11JSb/jb5LEH8VAynnnnnnnnnnnnnnn82Bw:e5W
                                                                                                                                                                                                                                                                                            MD5:7A4CBB0228E97071A39E075AC95186E2
                                                                                                                                                                                                                                                                                            SHA1:3711A1F3F76428AEDC2647532575C37A1629AC2A
                                                                                                                                                                                                                                                                                            SHA-256:373437D726DD953113E193FF4028C77AA462BC8EAB53E4F770889746652C3958
                                                                                                                                                                                                                                                                                            SHA-512:EBD2DBE33B6346D020BCE651664B903D31BAFBA4968F8EE8983E38C9EFF8EEA928364D7406945258CF35E805580B125160D061510F16F95900C3CFB276F11EC0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1786
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.998101412964689
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3sIk7O7RgdjdgFSagFgg+msg+w3Zg+wBw:8TizwzH
                                                                                                                                                                                                                                                                                            MD5:DACBD4EDD0163701F63ADA3E81D8540E
                                                                                                                                                                                                                                                                                            SHA1:219647896B3575AA8A07E2903D50304919C27CA7
                                                                                                                                                                                                                                                                                            SHA-256:DF0FBC7B2A5449681549C81B7EB77B2CE8D3C0C62244C39442A73A0291124BCB
                                                                                                                                                                                                                                                                                            SHA-512:5C725DEE661DF9FFE6D3723606FAF98F0B16094DAFC011CDE062436B351671E952A2C6CFA218E08785DBC2E69E97EC8218E1447683C1450C5BF9CCDC75C2EA73
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):59944
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1324471704124885
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:Q6O442hHI1kIHLxnuFjBm+UuLcxVePk+CXVT+rB9ezGREpYi60j1W:Q6O4JuxnT+UuLMcBClyrvGGa76x
                                                                                                                                                                                                                                                                                            MD5:FCE223AEDBE5FDFD5D1AF1F407A7E457
                                                                                                                                                                                                                                                                                            SHA1:006331AAFD0898E17D7F873F81786DFFAD1171FB
                                                                                                                                                                                                                                                                                            SHA-256:F4AE472EF2A816DD53F9A08A7E4C2604470FAD1C9F570BD6BBCA2E2EE7D31AE5
                                                                                                                                                                                                                                                                                            SHA-512:3B6D1F6A844FB90BBEDDBAC9CBEE9BBD6B9E0E737E8DEBD3647AF20982B2D61622E708D7555800A15C1BE874BBBC2476A8F775B7D60F58E14C8798E925C202C6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1191
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.971943087661362
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JduPF7NhOXrRH2/dVQ7uH2/FVxlPH2/FV0PH2/+w39y:327O7RgdSagFjdgFsg+w3w
                                                                                                                                                                                                                                                                                            MD5:B8E88B1C181AFEB535BFEA1155000E8E
                                                                                                                                                                                                                                                                                            SHA1:EB9066E96542DCE5F35DBF2F1424FD79ACEBB65F
                                                                                                                                                                                                                                                                                            SHA-256:5D094CC46FED5173A2B1BE4C8E5DBDB658D2C14ABD367C47DFC6F6EABD5F295C
                                                                                                                                                                                                                                                                                            SHA-512:58459651D3358FDDD4114AB569786A2306338C08D27D3D449BE2084EAE9D4A619C5650D3699DCA6702AEFDE8F9E77FD9E56C87EF51D4A8CCB2A22A378C488C37
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1006
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.221795193991655
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ekSHCniIqr4CaniIYpSVGYSEuhdrC7U4APUrB:XSHoiKhiJwVGDEmOUxgB
                                                                                                                                                                                                                                                                                            MD5:02ED4E0AB09A77CA2AE7B92C7BE4B645
                                                                                                                                                                                                                                                                                            SHA1:0C58CFED8AC29E56C4FE19931C99611861D5357E
                                                                                                                                                                                                                                                                                            SHA-256:860C79D758EAB6E012813EA5ADA3C5C972F9E632FBBF5CE49140B8B814289BEC
                                                                                                                                                                                                                                                                                            SHA-512:2D9675918B55F9904AB694764AB699328D7C8289E58080CE06002BFDD1F380F71B3A99E89C3368693C965B38ADCCE3C1BA1FBD8D9989557B35DFE1C2D118ED11
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:..18/01/2025 15:42:14 Problem: Failed to extract path: .. Exception: System.IO.FileNotFoundException: Could not load file or assembly 'ICSharpCode.SharpZipLib, Version=1.3.3.11, Culture=neutral, PublicKeyToken=1b03e6acf1164f73' or one of its dependencies. The system cannot find the file specified...File name: 'ICSharpCode.SharpZipLib, Version=1.3.3.11, Culture=neutral, PublicKeyToken=1b03e6acf1164f73'.. at TicketingPackageExtensions.DownloadAndUnzipNuget.ExtractZipFile(MemoryStream archiveFileStream, String password, String targetPath).. at TicketingPackageExtensions.DownloadAndUnzipNuget.RunSync(List`1 downloadRepos, String targetPath)....WRN: Assembly binding logging is turned OFF...To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1...Note: There is some performance penalty associated with assembly bind failure logging...To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableL
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23080
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.4987430748917925
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:8LOGTOwM15TRwLm6or29Nyb8E9VF6IYijSJIVxyy1So:8nMTR0Pa25EpYi60H
                                                                                                                                                                                                                                                                                            MD5:78E552CDB4CB2B0DE7A1CEF209C90CE0
                                                                                                                                                                                                                                                                                            SHA1:26CA5C6511B224CF02BB1C0DC1B4579C268E4B30
                                                                                                                                                                                                                                                                                            SHA-256:0FF7666BB20911A83680B6C1FF02341A503B347AE020434997580F5B2F2C29A2
                                                                                                                                                                                                                                                                                            SHA-512:9D0FE6D3580B5D5CBA458CBF6C4AEDE62C3DD107D72A13805F605AC0674AB6130B669AAA4E96069C64F24523C7477BBA575C813011E2443108B7DCE33268004C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1817640
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.551365167856295
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:d9EeNSPwEW3cFSI4Tfm3hvbHsjAJcAMkPR:d9Nzm31PMoR
                                                                                                                                                                                                                                                                                            MD5:0E488B8F6A93F0148C1CD10588FA3BE1
                                                                                                                                                                                                                                                                                            SHA1:4480B6DE0CE67A9DFC4CF70BBB00C8336629BBA7
                                                                                                                                                                                                                                                                                            SHA-256:BFC17FCA01C65C1E5B32ED0225B354D9613764A3A51DF5B1C464031608D97179
                                                                                                                                                                                                                                                                                            SHA-512:5D48FC54948C4FB80E0C506554F140476CEB6901BC9A1D11A577C2C6293415C1F69DE420E36E8840BDD8B5372F45A4DC8E2BBAC5CE21643A497CE77D925826EE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1436200
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.78131691404635
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:as5ThI+vIjDEzn7tcBGtYnxLbdVlRdouD5RawYkGq78Yr4i9YE1tOvhefHXCvEsB:hlI+vIjE7mjOuKa8Riy+gvhaIn2+0y
                                                                                                                                                                                                                                                                                            MD5:7C0A2478D0C82CAE07C4435E29A10D4C
                                                                                                                                                                                                                                                                                            SHA1:DEA183C555F7DC655EF9A67CCF887F4529059E4A
                                                                                                                                                                                                                                                                                            SHA-256:68DADEE50F471C04AEF8C9498997F7E7E60100C4D0047784C47F9E8C9BA287C1
                                                                                                                                                                                                                                                                                            SHA-512:6F30F47F6AA27418025A4325604D7EC6931B73544D86705532DAFB8AAEA153DCAE63F58AB51FF49DC7A572B4B38E7BD0AEF2C3CB82C33CE8542DD4D17099AAA5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):584433
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9996007806235445
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:AaPKah+cOqB7YBiq57hmRYB2Vb7mde3FV/ruWIwUhA2yaJ4Gi1Cx/cL:xiBiqIYQF7/7ruQWA2Xxi1wS
                                                                                                                                                                                                                                                                                            MD5:B50834694383960830CF48D9836E1108
                                                                                                                                                                                                                                                                                            SHA1:ADC80813181B98A8296BEFA2960A55F939F3BFEE
                                                                                                                                                                                                                                                                                            SHA-256:370A259808052366888284B0CC4C91FF8F23E8008003959B8D0EFB1ADBF00CD6
                                                                                                                                                                                                                                                                                            SHA-512:F87BE933E87275B000BE031AA5DF7536DFD5FE9B99A607CE0904F206E074D3A0687A00654B9B78EDAA2FCCF3D30526E0EE5BD7DCBA4A5DAAFD6FC60EEAAA15C5
                                                                                                                                                                                                                                                                                            Malicious:false
Preview:PK..-......FgY...........5...AgentPackageUpgradeAgent/AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):57896
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.807323990997079
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:rNvSjQvTQYc1IY1OwcujXQft0k5df9bq76In:rRSjQvMYcSIJcuMftH5d1bqL
                                                                                                                                                                                                                                                                                            MD5:E9794F785780945D2DDE78520B9BB59F
                                                                                                                                                                                                                                                                                            SHA1:293CAE66CEDBC7385CD49819587D3D5A61629422
                                                                                                                                                                                                                                                                                            SHA-256:0568E0D210DE9B344F9CE278291ACB32106D8425BDD467998502C1A56AC92443
                                                                                                                                                                                                                                                                                            SHA-512:1A3C15E18557A14F0DF067478F683E8B527469126792FAE7B78361DAD29317FF7B9D307B5A35E303487E2479D34830AA7E894F2906EFFF046436428ADA9A4534
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):535
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.076084597400077
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:MMHdG3VO3rdZRLNFF7ap+5v5OXrRf/2//FicYo4xm:JdfrdDPF7NhOXrRH2/d9r
                                                                                                                                                                                                                                                                                            MD5:D505E3DE03F172FA2B246E210054C5F7
                                                                                                                                                                                                                                                                                            SHA1:F5A480F56F760EEBA3B29108387E54D70A721127
                                                                                                                                                                                                                                                                                            SHA-256:A568F933F09B1AD1EE5E88DDCFFA1FE5921D18B73477136E1FAEE55F2BEF399A
                                                                                                                                                                                                                                                                                            SHA-512:80F01447B43525DBDF5B283522FE14D9AECEF16E55EA3FE36DC0A94B53C49E03BB56136F0911C348FB78FB5AF6112B1DE7C38CBFFBD73ACB2971655EF1B2B859
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:WhXSnn:WBe
                                                                                                                                                                                                                                                                                            MD5:39DF0BC698F203A4FEF18A68A7B0EADC
                                                                                                                                                                                                                                                                                            SHA1:0EA8D556AF659E0C8D6406B5B3E7E56EE6A10188
                                                                                                                                                                                                                                                                                            SHA-256:F8DD3CEC3612C302B45EA9539002625E58E528A5CB68B4B0E6C3C2A378122C1A
                                                                                                                                                                                                                                                                                            SHA-512:E6FF51381293BFD52EAE39B9868968A76D94BC993BAD5566C532A30E5EE5FE121C2F5B8EAED7ACEE59E3F6B8C1B3BEBB53B07B46F572F3498B1800B0DEAC128D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:version=27.6
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):96808
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.179305078416296
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:nJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvO1762y9:nQUm2H5KTfOLgxFJjE50vksVUfPvO1c9
                                                                                                                                                                                                                                                                                            MD5:BE16D0F73D33053C3817894C955BFA43
                                                                                                                                                                                                                                                                                            SHA1:6B79C7034EE0E4DBC4B90ADC3B47BF395CAE052D
                                                                                                                                                                                                                                                                                            SHA-256:434EA180FF3960ADF251CF34B8333A1BD70EAA7BDF42279317F2ECD7B7CCEAEB
                                                                                                                                                                                                                                                                                            SHA-512:6F08EC35E1D194328CD923FC22C6BBAFB072497ABA03DAC59F8E78C99D2CC3C87237CC5178CFEBA52078AC729286B8221FD7A8CD676A5A49D2879C553DAB332A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):186408
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.933461189028906
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:mkfZS7FUguxN+77b1W5GR69UgoCaf8/BCnfKlRUjW01KyFxYV:g+c7b1W4R6joxfQ8Y
                                                                                                                                                                                                                                                                                            MD5:7989DFD7A0AF54F59AD5C3E483A66CF6
                                                                                                                                                                                                                                                                                            SHA1:4F323F2E5174A789A31068DD76355447DB61AFFB
                                                                                                                                                                                                                                                                                            SHA-256:0E47E3F0432060BAE79988A622AAB4334328F85FE443D764D4C81D94C9F3DBAE
                                                                                                                                                                                                                                                                                            SHA-512:757182DF2492B66E06AA3B1854DAB487BB512FC5FBCE869CA4265218F5889D2D5B3748C2FC5B458FA148D10F3F5B61028DCA9B789F6766689BA1A24E9BE06936
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):331816
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.168523582236471
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:ZBhhiUWKJzPZNRntAXIjxs2f5Jg53XWlvidurmdIq8KmefViYkJTVBXi3VaKtNTk:ZDMUWITZznu85k8Wdn8KmCjIFi3VvY
                                                                                                                                                                                                                                                                                            MD5:41E6FC15337B1F2F556E3DE56D0DB476
                                                                                                                                                                                                                                                                                            SHA1:EF8EAAC6EF9B00383B48762773A5110D7C2F3EEA
                                                                                                                                                                                                                                                                                            SHA-256:81D43F8C0726143F28A33390B78E540C75F48733C3518B9D605C2E52AC0554C4
                                                                                                                                                                                                                                                                                            SHA-512:56956F6BBB56BF481B1434ADC0D37303065206FC4ECA8787B6EC8CD089D7C619875C62BBD282F5F0D9A69820937651968CC343CF5AE251B08345997BDD0555C7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710184
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.960700401761297
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:NBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUD:NBjk38WuBcAbwoA/BkjSHXP36RMG+
                                                                                                                                                                                                                                                                                            MD5:2CFBB3EA34E3EAEFB478A1C0BF00190D
                                                                                                                                                                                                                                                                                            SHA1:A9298FD5C46D97C296E06B9D9D4034C2EC657D57
                                                                                                                                                                                                                                                                                            SHA-256:34FFBC77AEA4058D6B4EF621815B5C56EDD35585888FBCC2DE10E7B176EE3A3A
                                                                                                                                                                                                                                                                                            SHA-512:DA46D62BB6466E9B8DF21E75C594C06CBF3D79C8FE6038469B74F6562CCA9B38A482F386034F7B3C0D9DEEA6C5D0420AFE0EA08E59B1BBDA1C07B866D9F0B352
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):55848
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.238377987704794
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:SREoc0f5k1KlLoz0WOySMEpnSO7iX16UJKdiYpxDEpYi60WLS:SR8+5k15z0WBZEtgwJx876FG
                                                                                                                                                                                                                                                                                            MD5:2FB2CD6CC7C0B40202165C2ACF27F3FC
                                                                                                                                                                                                                                                                                            SHA1:D3125C28C46AD0083EA1EB65EAE6FA077908D985
                                                                                                                                                                                                                                                                                            SHA-256:4E83AE51D18FABA26E8B1315C199AF46DF7A1AFB18390DB30337679DF54A7812
                                                                                                                                                                                                                                                                                            SHA-512:C84CB5DE47798E6F0459BE87BCBA514FC14531F361909A2B81CFD6B477206B75C9F0F338C1477BF9A87BB7D08ACFEB99342EC5C9F1535F510BE742A27B5ED099
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):602672
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                                                                            MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                                                                            SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                                                                            SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                                                                            SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):73264
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                                                                            MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                                                                            SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                                                                            SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                                                                            SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):753
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.853078320826549
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:qLLYem7haYNem7hcomf3em7hUQLtygXnC9xkKxeCsx/Yem7haYNem7hcomf3em7B:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhY
                                                                                                                                                                                                                                                                                            MD5:8298451E4DEE214334DD2E22B8996BDC
                                                                                                                                                                                                                                                                                            SHA1:BC429029CC6B42C59C417773EA5DF8AE54DBB971
                                                                                                                                                                                                                                                                                            SHA-256:6FBF5845A6738E2DC2AA67DD5F78DA2C8F8CB41D866BBBA10E5336787C731B25
                                                                                                                                                                                                                                                                                            SHA-512:CDA4FFD7D6C6DFF90521C6A67A3DBA27BF172CC87CEE2986AE46DCCD02F771D7E784DCAD8AEA0AD10DECF46A1C8AE1041C184206EC2796E54756E49B9217D7BA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                            Preview:.Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7466
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                                                                            MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                                                                            SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                                                                            SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                                                                            SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):145968
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                                                                                                                                                                                                                            MD5:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                            SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                                                                                                                                                                                                                            SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                                                                                                                                                                                                                            SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1442
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                                                                            MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                                                                            SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                                                                            SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                                                                            SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3318832
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                                                                            MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                                                                            SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                                                                            SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                                                                            SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):215088
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                                                                            MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                                                                            SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                                                                            SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                                                                            SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710192
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                                                                            MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                                                                            SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                                                                            SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                                                                            SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):602672
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                                                                            MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                                                                            SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                                                                            SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                                                                            SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):73264
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                                                                            MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                                                                            SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                                                                            SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                                                                            SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):213
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.157395427768146
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:AH2pC5589w3pKFSQOSAMITGPh7YtIBpDX:pw57MSQkTGPpnX
                                                                                                                                                                                                                                                                                            MD5:96A0D89360EC0DF4A4D01DAAF93941B6
                                                                                                                                                                                                                                                                                            SHA1:E3C4352A17773832A4D81173F8D4126AC02E7315
                                                                                                                                                                                                                                                                                            SHA-256:976586145C8E9916F99B0F839BF37F0528B1E23437FB62D9716DF1F073AE3E7E
                                                                                                                                                                                                                                                                                            SHA-512:99002090208A7F740EE8918E852C8B35A827121BD5C961BBC37235F006123C3688A702EFC6134F293DD6CE6D59C6E6F3A7E6827F082F8935596C8543D334B9EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:/i /IntegratorLogin=orcamentos96@gmail.com /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q300000PPQvXIAX /AgentId=374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3.14/01/2025 11:01:57 Trace Starting..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):178
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.280909554972514
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:5PbTsPs8eGu0bzV6UgMHwirmfHP9NVouOJTufrsf3J2MzqRI+OPkvOy:RbTMuCVRgMHRmfHV7ouOJTuj25rmRcfy
                                                                                                                                                                                                                                                                                            MD5:1E4CC6EBC9D343AEFC6CBC72CEB0031D
                                                                                                                                                                                                                                                                                            SHA1:094E92302FAF26525546B7C797C05668D8BB5823
                                                                                                                                                                                                                                                                                            SHA-256:23413F022B0F174A0107B28CF0F8C725B3F4DF79DC8968778822BC0E9D020254
                                                                                                                                                                                                                                                                                            SHA-512:51349801F7339A6368182DD3815FDB22E093EEDEBA5EE2B26172426D441DAFAEA9844A9BD430C4CCFCE74DEB8DE7073C67A220ACEE11F388B4E37F8DFC6B5AF4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:eyJJZCI6IjI0Njg3YmFkLTAyMTctNGVjNC04MjQ4LTE1MTBkZGRhOTcwZCIsIkNyZWF0ZWQiOiIyMDI1LTAxLTE0VDExOjAzOjM3LjAyMjc4MTctMDU6MDAiLCJNZXNzYWdlIjoiX0lOSVRfIiwiVGltZW91dCI6IjAwOjAxOjAwIn0=..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):213
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.157395427768146
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:AH2pC5589w3pKFSQOSAMITGPh7YtIBpDX:pw57MSQkTGPpnX
                                                                                                                                                                                                                                                                                            MD5:96A0D89360EC0DF4A4D01DAAF93941B6
                                                                                                                                                                                                                                                                                            SHA1:E3C4352A17773832A4D81173F8D4126AC02E7315
                                                                                                                                                                                                                                                                                            SHA-256:976586145C8E9916F99B0F839BF37F0528B1E23437FB62D9716DF1F073AE3E7E
                                                                                                                                                                                                                                                                                            SHA-512:99002090208A7F740EE8918E852C8B35A827121BD5C961BBC37235F006123C3688A702EFC6134F293DD6CE6D59C6E6F3A7E6827F082F8935596C8543D334B9EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:/i /IntegratorLogin=orcamentos96@gmail.com /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q300000PPQvXIAX /AgentId=374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3.14/01/2025 11:01:57 Trace Starting..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):157873
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.753497932507659
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:ZHXt/BWDLm8arfT4h6+2j+S64ioX+g15titNI6cSM:gDLmtrfT4hj2ju0X9wGSM
                                                                                                                                                                                                                                                                                            MD5:AB3D7C0401590BBDAF4B3C84592D24D6
                                                                                                                                                                                                                                                                                            SHA1:756F86B49CA2035638F77BBEB60CFE6A827B553E
                                                                                                                                                                                                                                                                                            SHA-256:4428A8B3F1A63312918FF5F8E1D5EE1F6EEBA9D73A336721338D494D2B6E5F6C
                                                                                                                                                                                                                                                                                            SHA-512:24AAC8D02347EF3E226531CA15B71714CB53546C7AA1B4D961A72E097C3528AE2590B00ECBAA7E80815E99FAFB6919D234E957DFCD08467CD753B24C004B6124
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<pre>Acknowledgments....This Splashtop software incorporates materials from third parties, the use of which is hereby acknowledged.....================================================================....AES....Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.....The redistribution and use of this software (with or without changes)..is allowed without the payment of fees or royalties provided that:.... source code distributions include the above copyright notice, this.. list of conditions and the following disclaimer;.... binary distributions include the above copyright notice, this list.. of conditions and the following disclaimer in their documentation.....This software is provided 'as is' with no explicit or implied warranties..in respect of its operation, including, but not limited to, correctness..and fitness for purpose.....================================================================....CELT....Copyright 2001-2009 Jean-Marc Valin, Timothy B. Terri
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):310280
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.406682858396138
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:B2ewUPD+fCEWepqJ1u45FC9xrIaPXiyVfl/7RohyyP16+Dfj8d3:NRPD+KLepIu4qnrIBy/7RoPfO
                                                                                                                                                                                                                                                                                            MD5:FB1A6F0CB84ACB237FF0E42E5CF876A6
                                                                                                                                                                                                                                                                                            SHA1:6CDEBFA5ABBF7BA48179DFF13A1343F3C4D9348F
                                                                                                                                                                                                                                                                                            SHA-256:DA5E12D077875B4F93210B10689F28B6EF33480E3BD2362E80F11EDFF8C9966D
                                                                                                                                                                                                                                                                                            SHA-512:2602908AB2FAF07C1957DAD00960F6432D08BDD7327DB96D1338C87B1E18CB025B381378BA4BC800F558D26D76922E5882481A99B17575D3D48208C289EE3B8D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):249864
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.627715385431378
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:gbNEPN9Db8oxccZd8lZOWb1yBGAOnpe6nbXcw:gc/8oxc5yBGVpJbXcw
                                                                                                                                                                                                                                                                                            MD5:151AAE6C0F0E40AB4138AF953768AB37
                                                                                                                                                                                                                                                                                            SHA1:18F55A0707EE7140776D7857D0AF56D471289960
                                                                                                                                                                                                                                                                                            SHA-256:F253CE8A8C4CDC4FD7A93A04515B208D461FF6E4076F64431E7EC7E9E5E08923
                                                                                                                                                                                                                                                                                            SHA-512:40FFF8741C8AFB0EF2E6F8F69755F8A2E1F6422943341BBE680EEEFE939731F39E59D1C608B7C23AA649C3F2D93E6104E6B420A755F551F555504E1028B91C68
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):40160
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.316240044981803
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:3z+6yz3JqnYCblcp6wOmMQC4cT3AZ21w6LuOBjEwXxyvJ3GB1C2GCTaZum8e:3ByY12kwOm8s2diSXCIB1yC2HT
                                                                                                                                                                                                                                                                                            MD5:1033D6EFB14B7C8308A261E7151A8FDD
                                                                                                                                                                                                                                                                                            SHA1:C331C67E93DA33EAAAAA0A4033855F185A79DE99
                                                                                                                                                                                                                                                                                            SHA-256:6A14EFEE1EAD8592B0E5199DB4E7256462F135D6DC10A803D98D03CFC4F1E678
                                                                                                                                                                                                                                                                                            SHA-512:083C365FD00BDED1637CBA2DDCE2FC3D93A8C60122F01CCD675A13EFF4C7663EE0FCE1B3316755FC971B3A3E6D242E29236180508D03C803950E2159B374767B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):224
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.68750285687923
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajs/dCiI4FDIIlfILQIIbdELV0Lr+FDIIGKhaL3C:kidCiRxt2QjdRCxeKcL3C
                                                                                                                                                                                                                                                                                            MD5:EBC2A6216B737E813732ECA1BB1F2AF2
                                                                                                                                                                                                                                                                                            SHA1:6E63AB58C2055A3F276C1CD36FA406E37C099099
                                                                                                                                                                                                                                                                                            SHA-256:275C9771ED3AC2ABE0989A114804ADD0CCED09F8A1BFF1633C4F79929921713B
                                                                                                                                                                                                                                                                                            SHA-512:248CD17E4836B429DF0923E8C04FD3F8ECAB7CC8BFF6761F06AAED420111FF5DBADCC974193701DEBF63655CD79E8E0D0B6C7599760B13ABA19B5C0E178BF7EC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..utils\devcon.exe /r remove root\stgamepad >> inst.log..utils\DIFxCmd.exe /u stgamepad.inf >> inst.log..utils\devcon.exe install stgamepad.inf root\stgamepad >> inst.log..utils\enum.exe -p 1000 >> inst.log
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):232
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.776744518403625
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajs/dRLPI4FDIIlBILQIIbdRL6V0Lr+FDIItGKhaL3C:kiddRxr2QjdHCxwKcL3C
                                                                                                                                                                                                                                                                                            MD5:4AD78E888894B3F89711D75D526E2D9A
                                                                                                                                                                                                                                                                                            SHA1:A01DD7B5F20052AB27B721127DAB01A34666D4D9
                                                                                                                                                                                                                                                                                            SHA-256:8B82E0E205711B8A22939AB86BF955DB938D2A733F57E48404DD118B5DDB9AE5
                                                                                                                                                                                                                                                                                            SHA-512:CD6C972070593A6FE09778BC043C84CABE61E96FC3EA1B529D993540678AE0E99A641BFFAB87B3AE954977F0C0A9C639185889421225C185615C4EC34A8699F3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..utils\devcon64.exe /r remove root\stgamepad >> inst.log..utils\DIFxCmd64.exe /u stgamepad.inf >> inst.log..utils\devcon64.exe install stgamepad.inf root\stgamepad >> inst.log..utils\enum64.exe -p 1000 >> inst.log
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8955
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.156854915296666
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:3F37o7MECwCNnYe+PjPGr9ZCApkT1rrZgjlerpLF+vc1rbrRnJ4aTT:3NEuwCNnYPL/p1P6jeL3JrRiaT
                                                                                                                                                                                                                                                                                            MD5:214E5DB2F6D3FF72B6E4F3BACCD7ECB0
                                                                                                                                                                                                                                                                                            SHA1:64CC6A8F3E79BFA0301924D4A18370CFDD8ED955
                                                                                                                                                                                                                                                                                            SHA-256:C23C1C358705DCE49FD6D1BEB1B0482F74DFCE35FEE7AE4D0C79390385FD22F9
                                                                                                                                                                                                                                                                                            SHA-512:E31E2455A7014937F3E9ECA05D192320CF6159CED333888C6612BE36453F72D76F1015FC1306D41F41CD5F4CB206028ECD99C0F28505D29B6E9E0F497D231D17
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1598
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.348428467214068
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:BoJAo10StKRqv8rI3OB/7wBZBZhvC3R7YxGcSF+125dLH/kvGPGo:BoJbkEvReNErZZcQ125CvQR
                                                                                                                                                                                                                                                                                            MD5:5AE5F4B07FABDB969DDA6425E54C4DDD
                                                                                                                                                                                                                                                                                            SHA1:A6686543B1236618863A1FA63FA2B14FA8AE54FA
                                                                                                                                                                                                                                                                                            SHA-256:489CFA94B8FAEA97E0CF73714A65890418247BF34023DC4FDEBB03EF233B12F9
                                                                                                                                                                                                                                                                                            SHA-512:C8751CF986E7A2800924D9707FB40AA95F5EE2431E16D5EEDC583FEA1F5351C95BF3FD90AC0EBD81AFC7262FBFA6C452BF1CA1B908E7360515970F146D0D6E50
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[Version]..Signature="$CHICAGO$"..Class=System..ClassGuid={4D36E97D-E325-11CE-BFC1-08002BE10318}..Provider=%splashtop%..DriverVer=05/21/2013,1.0.0.0..CatalogFile=stgamepad.cat....[SourceDisksFiles]..stgamepad.sys = 99....[SourceDisksNames]..99 = %DISK_NAME%,,,""....[SourceDisksNames.AMD64]..99 = %DISK_NAME%,,,\64bits....[DestinationDirs]..DefaultDestDir = 12....[Manufacturer]..%splashtop% = Vendor, NTx86, NTx86.6.1, NTAMD64, NTAMD64.6.1....[Vendor.NTx86]..%splashtop.DeviceDesc% = StGamepad_Install, root\stgamepad....[Vendor.NTAMD64]..%splashtop.DeviceDesc% = StGamepad_Install, root\stgamepad....[Vendor.NTx86.6.1]..%splashtop.DeviceDesc% = StGamepad_Install, root\stgamepad....[Vendor.NTAMD64.6.1]..%splashtop.DeviceDesc% = StGamepad_Install, root\stgamepad....[StGamepad_Install.NT]..CopyFiles = StGamepad_Install.NT.Copy....[StGamepad_Install.NT.hw]..AddReg = StGamepad_Device_AddReg....[StGamepad_Install.NT.Copy]..stgamepad.sys....[StGamepad_Device_AddReg]....[StGamepad_Install.NT.Service
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):33504
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.4990196288743425
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Uwyk2eCK3PRiZ1bcvrlEeT0OEM859sKkgTvEakiX5vFmXhBcfoaM8l1l3nzWPDP8:UupCJeT5EgKkgTMa3VFMmAalaPzumy
                                                                                                                                                                                                                                                                                            MD5:4C3233F0B9A5BC7B58B464C9E1E86D52
                                                                                                                                                                                                                                                                                            SHA1:FCCE254ED5DF8DE6D21623A6E53FA2AEEE030365
                                                                                                                                                                                                                                                                                            SHA-256:832328B8DD98D51A9CE29C3953E85AFB036964299B93B9FB929023F15C63AD9A
                                                                                                                                                                                                                                                                                            SHA-512:884A22B0CE16B91B1A04D6B5E99678CC584484FF5BE3D92ADDB27F0E9D58BFF57A9716C843789F9BD59EC79A55EF342DFD2A0EF39C6E7776CD4FC0211EE8DFCF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):154
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.715757968072225
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:jTDVBF+jVy9kCCWo7EIbd/KiIKTAxsHs2yo7EIl2YILzDoC:/AjsC3IIbdCiI4FDIIlfILQC
                                                                                                                                                                                                                                                                                            MD5:5D33C035F7B22B463DBD01BC0D31C9E9
                                                                                                                                                                                                                                                                                            SHA1:5345461EF02D330178F047FFBD40C5F4B142A416
                                                                                                                                                                                                                                                                                            SHA-256:45C7D88A3D4643220137D23DBE0EB5CE45DFB6AD16EDC1D6EE4CA8FD1C41AF49
                                                                                                                                                                                                                                                                                            SHA-512:88E339E01417D6EFAA8271E6F3A9D077711508A3EE4D0CF3A95E6607C0282D201633113EACB8A142189F54476AD7B501EAEEA5AC2D9297A06B1A7A55D73B8940
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..utils\enum.exe -u 0 >> inst.log..utils\devcon.exe /r remove root\stgamepad >> inst.log..utils\DIFxCmd.exe /u stgamepad.inf >> inst.log
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):160
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.807126999960993
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:jTDVBF+jVy9dJFtCWo7EIbdRLX/IKTAxsHs2yo7EIl3xILzDoC:/AjsZW3IIbdRLPI4FDIIlBILQC
                                                                                                                                                                                                                                                                                            MD5:D0E7FCE8A8281FC10CB9548299254079
                                                                                                                                                                                                                                                                                            SHA1:112A4EA65D2CC4A1C57EB6967AC058C8EDE341DE
                                                                                                                                                                                                                                                                                            SHA-256:11F757D09B095A89D52A990149379618551D88E92E1C9BEEFED243A083487260
                                                                                                                                                                                                                                                                                            SHA-512:8132F0DFE0071D3CA3CC5D4CD6ED2634E61314BF6BB84AF5B5F97261E3E26601F1C6AA5C8ABBDA596639CAF4C0E2AFC3A2DE46BB92C199894DD5CFC2DF519CFF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..utils\enum64.exe -u 0 >> inst.log..utils\devcon64.exe /r remove root\stgamepad >> inst.log..utils\DIFxCmd64.exe /u stgamepad.inf >> inst.log
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                            MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                            SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                            SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                            SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):77824
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):81920
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11776
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.289815206775557
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11776
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.886509604340361
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1416
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.221234341229966
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:@echo off..SETLOCAL..%~d0..cd %~dp0....REM..REM detect the OS version..REM..for /f "tokens=4-7 delims=[.] " %%i in ('ver') do (if %%i==Version (set v=%%j) else (set v=%%i))..if %v% GEQ 10 (.. cd win10..) else (.. cd win7..)..set DEVCMD=rundll32 x86\my_setup.dll....REM..REM If OSBase/KairOS driver is previously installed, stop the installation...REM..sc query ddmgr..IF %ERRORLEVEL% EQU 0 (.. echo OSBase iDisplay driver detected! Try uninstall OSbase/KairOS iDisplay software... goto exit..)....REM..REM If older driver (lci_proxykmd) is previously installed, stop the installation...REM..sc query lci_proxykmd..IF %ERRORLEVEL% EQU 0 (.. echo Older display driver detected! Uninstall it first.. %DEVCMD% do_uninstall_lci_proxykmd .. timeout /t 1 /nobreak.. sc.exe delete lci_proxykmd....:wait_for_delete.. sc query lci_proxykmd.. if %ERRORLEVEL% EQU 0 (.. timeout /t 1 /nobreak.. goto wait_for_delete.. )..... timeout /t 1 /nobreak.... del %
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1414
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.220204645552163
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:VrY6t5UbhKdvV2ktXrTsIeZvEMtXrGrJKhrlXgpAY1u5lSuWJmiDUNLkQ2pNaf1E:5Y6qhK32mvsIeZvEuarJKhpXo1moJmiX
                                                                                                                                                                                                                                                                                            MD5:B80450985E33B188398EF5475FE3A4BA
                                                                                                                                                                                                                                                                                            SHA1:6699FE7C174A9A585E3559A16877B5555687F6F0
                                                                                                                                                                                                                                                                                            SHA-256:760BC44295820C5AF7E2D5077CE05EED8E23B3EF344D5C6C48422818DDE78D41
                                                                                                                                                                                                                                                                                            SHA-512:BA29A71114A86E10ACE80F5B039DB68F4FE3BFD5592ECC6511D9AA0235E75ACFA188909EE0453593EBEFDB33DB46D1272C98A44350ABB24810C52FDEE817853F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:@echo off..SETLOCAL..%~d0..cd %~dp0....REM..REM detect the OS version..REM..for /f "tokens=4-7 delims=[.] " %%i in ('ver') do (if %%i==Version (set v=%%j) else (set v=%%i))..if %v% GEQ 10 (.. cd win10..) else (.. cd win7..)..set DEVCMD=rundll32 x64\my_setup.dll....REM..REM If OSBase/KairOS driver is previously installed, stop the installation...REM..sc query ddmgr..IF %ERRORLEVEL% EQU 0 (.. echo OSBase iDisplay driver detected! Try uninstall OSbase/KairOS iDisplay software... goto exit..)....REM..REM If older driver (lci_proxykmd) is previously installed, stop the installation...REM..sc query lci_proxykmd..IF %ERRORLEVEL% EQU 0 (.. echo Older display driver detected! Uninstall it first.. %DEVCMD% do_uninstall_lci_proxykmd .. timeout /t 1 /nobreak.. sc.exe delete lci_proxykmd....:wait_for_delete.. sc query lci_proxykmd.. if %ERRORLEVEL% EQU 0 (.. timeout /t 1 /nobreak.. goto wait_for_delete.. )..... timeout /t 1 /nobreak.... del %
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):805
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.339948574341861
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:V8pgfeV4BZAK/1AN6gizSnOf6DE6Z9wmhKRvVLymhMm0KuKDLGuKw61IfQHyoHHO:VSIBBY6t5UbhKRvV7e6LpIJHT5C
                                                                                                                                                                                                                                                                                            MD5:704D1CC8E0B87710278CE3EFD1C17954
                                                                                                                                                                                                                                                                                            SHA1:EDF2D7FED5D3D88A657732B37C72E4CDEE90D12D
                                                                                                                                                                                                                                                                                            SHA-256:FAB1408C7DE4B76FA3AF7AD4C9F25DF2063C591CDFC46445999D31B4DB712208
                                                                                                                                                                                                                                                                                            SHA-512:6061B9BB1A4D55FD916A44C8619356DC4ED40C284F91FC2114CD5974533F762F88B4E0C49A265E96AD1E122ACFBA947D02AA3B11E43115D247FA0868661BDC3B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:@echo off..SETLOCAL..%~d0..cd %~dp0....reg delete "HKLM\SOFTWARE\Splashtop Inc.\Splashtop Remote Server" /v "VirtualDisplay" /f....REM..REM detect the OS version..REM..for /f "tokens=4-7 delims=[.] " %%i in ('ver') do (if %%i==Version (set v=%%j) else (set v=%%i))..if %v% GEQ 10 (.. cd win10..) else (.. cd win7..)..set DEVCMD=rundll32 x86\my_setup.dll....echo removing LCI PROXY WDDM Device.......%DEVCMD% do_uninstall_lci_proxykmd..%DEVCMD% do_uninstall_lci_proxywddm....timeout /t 1 /nobreak..sc.exe delete lci_proxykmd..sc.exe delete lci_proxywddm....timeout /t 2 /nobreak..del %SystemRoot%\System32\lci_proxyumd.dll..del %SystemRoot%\System32\drivers\lci_proxykmd.sys..del %SystemRoot%\System32\drivers\lci_proxywddm.sys..del %SystemRoot%\System32\drivers\UMDF\lci_iddcx.dll....:exit..ENDLOCAL
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):817
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.35613829912293
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:V8pgMyeV4BZAK/1AN6gizSnOf6DE6Z9wmhKdWiVLymhMm0KuKDLGuKw61IfQHyoO:VS3sBBY6t5UbhKdvV7e6LpIJHT5C
                                                                                                                                                                                                                                                                                            MD5:319DCF0B017DAFA51C33A7489D123F91
                                                                                                                                                                                                                                                                                            SHA1:60F8E32A2E7E05F2384D8B66E51F8FF1DE70AC10
                                                                                                                                                                                                                                                                                            SHA-256:44A271D1DD10FFC85815DF277E708BE462CC5AFABC43BD0D7A9505E35A70E488
                                                                                                                                                                                                                                                                                            SHA-512:EE6403E7069C1185F6F34A02DA2DE1FEC2F859E89523B769CF9EFDCAA2CD9E5AFA501ADC38169A86D86DA1570C789116A29C2485F87201CFD2A770EC447A55C3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:@echo off..SETLOCAL..%~d0..cd %~dp0....reg delete "HKLM\SOFTWARE\Wow6432Node\Splashtop Inc.\Splashtop Remote Server" /v "VirtualDisplay" /f....REM..REM detect the OS version..REM..for /f "tokens=4-7 delims=[.] " %%i in ('ver') do (if %%i==Version (set v=%%j) else (set v=%%i))..if %v% GEQ 10 (.. cd win10..) else (.. cd win7..)..set DEVCMD=rundll32 x64\my_setup.dll....echo removing LCI PROXY WDDM Device.......%DEVCMD% do_uninstall_lci_proxykmd..%DEVCMD% do_uninstall_lci_proxywddm....timeout /t 1 /nobreak..sc.exe delete lci_proxykmd..sc.exe delete lci_proxywddm....timeout /t 2 /nobreak..del %SystemRoot%\System32\lci_proxyumd.dll..del %SystemRoot%\System32\drivers\lci_proxykmd.sys..del %SystemRoot%\System32\drivers\lci_proxywddm.sys..del %SystemRoot%\System32\drivers\UMDF\lci_iddcx.dll....:exit..ENDLOCAL
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):85216
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.323561566613011
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:34rhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkApiKB:K+KY04RMmSCYmBiF4O7WTgKB
                                                                                                                                                                                                                                                                                            MD5:CD483270630CCABBD1902C6B21FBE9D3
                                                                                                                                                                                                                                                                                            SHA1:B33C3139DD83F108591383449D4F9136189D8F97
                                                                                                                                                                                                                                                                                            SHA-256:49D6B913A4095A3E7B14554C91942BD5CDDDF9DCFDB076B31921592AFF1BC135
                                                                                                                                                                                                                                                                                            SHA-512:DC92ED176DBB7CC27BE1FFF90F875B2582869465156BD70F363902524C716822FB9657AA944A6F02CB1E77271F3D24F8667F4A678F5BB5B5846AB18E455A731F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):89312
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.29323585141242
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:UP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7WsK6:UePOYe4bu1epDh8RWsK6
                                                                                                                                                                                                                                                                                            MD5:07361279885BC0B334DDF5754CDB12FE
                                                                                                                                                                                                                                                                                            SHA1:63A7320CD6992E2509EB1D82D550B1AA5FEA6A47
                                                                                                                                                                                                                                                                                            SHA-256:96411A783BAA574421659E73B11F111A0EEB3D9B105CA55E29FE6C0B820646F7
                                                                                                                                                                                                                                                                                            SHA-512:D07F5DFFEAD4470CAA935F6CD250DF9CA77A2D28C0B84112D83CE9ED7AC7A01CB012773FB290612E4DE45776BB919C395533AD3AD5497A3469BFE5B43FB5D1E8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10957
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.22853921730831
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:0gNqq6a1DUuvE7EwWZhYC/nnbXfH098uXqnajH/svHa:0gEy9Zh3/njXuXlTsPa
                                                                                                                                                                                                                                                                                            MD5:62458E58313475C9A3642A392363E359
                                                                                                                                                                                                                                                                                            SHA1:E63A3866F20E8C057933BA75D940E5FD2BF62BC6
                                                                                                                                                                                                                                                                                            SHA-256:85620D87874F27D1AAF1743C0CA47E210C51D9AFD0C9381FC0CD8ACCA3854562
                                                                                                                                                                                                                                                                                            SHA-512:49FB8CA58AECF97A6AB6B97DE7D367ACCB7C5BE76FBCD324AF4CE75EFE96642E8C488F273C0363250F7A5BCEA7F7055242D28FD4B1F130B68A1A5D9A078E7FAD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4514
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7887986776100973
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:9G2XN/WAXHQ+C2C4kqWDZXpbdl5Vjnijla4UAiI6fOgTiYqG585wg3Jp:9L5EDNRniWI6fyw5I
                                                                                                                                                                                                                                                                                            MD5:1CEC22CA85E1B5A8615774FCA59A420B
                                                                                                                                                                                                                                                                                            SHA1:049A651751EF38321A1088AF6A47C4380F9293FC
                                                                                                                                                                                                                                                                                            SHA-256:60A018F46D17B7640FC34587667CD852A16FA8E82F957A69522637F22E5FE5CF
                                                                                                                                                                                                                                                                                            SHA-512:0F24FE3914AEF080A0D109DF6CFAC548A880947FB85E7490F0D8FA174A606730B29DC8D2AE10525DBA4D1CA05AC9B190E4704629B86AC96867188DF4CA3168BB
                                                                                                                                                                                                                                                                                            Malicious:false
Preview:..;..;Module Name:..;    lci_iddcx.inf..;..;Abstract:..;    INF file for installing the LCI IDDCX Driver..;....[Version]..Signature="$Windows NT$"..ClassGUID = {4D36E968-E325-11CE-BFC1-08002BE10318}..Class = Display..ClassVer = 2.0..Provider=%LCI%..CatalogFile=lci_iddcx.cat..DriverVer=12/04/2018,1.0.2018.1204....[DestinationDirs]..DefaultDestDir = 12..UMDriverCopy=12,UMDF ; copy to drivers\umdf....[SourceDisksNames.x86]..1=%DISK_NAME%,,....[SourceDisksNames.amd64]..1=%DISK_NAME%,,....[SourceDisks
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12585
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.124479508046628
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:M9yLPtUtkB7uIqhmbgE7EwWZhYCyZR/HsgKqnajVhY2c8evGd:gZO49Zh3e1MgKlxW2c8eed
                                                                                                                                                                                                                                                                                            MD5:8E16D54F986DBE98812FD5EC04D434E8
                                                                                                                                                                                                                                                                                            SHA1:8BF49FA8E12F801559CC2869365F0B184D7F93FE
                                                                                                                                                                                                                                                                                            SHA-256:7C772FB24326E90D6E9C60A08495F32F7D5DEF1C52037D78CBD0436AD70549CD
                                                                                                                                                                                                                                                                                            SHA-512:E1DA797044663AD6362641189FA78116CC4B8E611F9D33C89D6C562F981D5913920ACB12A4F7EF6C1871490563470E583910045378BDA5C7A13DB25F987E9029
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2715
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.41680725095282
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qnchtOKbzLbS10bzPbSvb/mwwophwwoJOxWqrz61/zA9cjiJIjgW5FH1519HS4Bc:Pkua1YuSnEhn/A7ic4d4y
                                                                                                                                                                                                                                                                                            MD5:0315A579F5AFE989154CB7C6A6376B05
                                                                                                                                                                                                                                                                                            SHA1:E352FF670358CF71E0194918DFE47981E9CCBB88
                                                                                                                                                                                                                                                                                            SHA-256:D10FA136D6AE9A15216202E4DD9F787B3A148213569E438DA3BF82B618D8001D
                                                                                                                                                                                                                                                                                            SHA-512:C7CE8278BC5EE8F8B4738EF8BB2C0A96398B40DC65EEA1C28688E772AE0F873624311146F4F4EC8971C91DF57983D2D8CDBEC1FE98EAA7F9D15A2C159D80E0AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:;..;..;Module Name:..;..; lci_proxywddm.inf..;..;Abstract:..; LuminonCore Display Proxy Driver..;..;..[Version]..Signature="$WINDOWS NT$"..Class=System..ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}..Provider=%LCI%..DriverVer=12/04/2018,1.0.2018.1204..CatalogFile=lci_proxywddm.cat....[DestinationDirs]..DefaultDestDir = 12..lci_proxywddm.CopyFiles = 12 ; drivers..lci_proxyumd.CopyFiles = 11 ; system32..lci_proxyumdwow.CopyFiles = 10, SysWow64 ; x64-specific....[SourceDisksNames.x86]..1=%DiskId1%, lci_proxywddm.sys,,\x86..1=%DiskId1%, lci_proxyumd.dll,,\x86....[SourceDisksNames.amd64]..1=%DiskId1%, lci_proxywddm.sys,,\x64..1=%DiskId1%, lci_proxyumd.dll,,\x64..1=%DiskId1%, lci_proxyumd32.dll,,\x64....[SourceDisksFiles.x86]..lci_proxywddm.sys = 1..lci_proxyumd.dll = 1....[SourceDisksFiles.amd64]..lci_proxywddm.sys = 1..lci_proxyumd.dll = 1..lci_proxyumd32.dll = 1......;*****************************************
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):53752
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.555505359489877
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:q4+LP4B5MAHFQq4OSGtGkVPKLIy0uwc0yeuUjsVbGVjp3haxZ3vOoKn:q4+LS5XYOSk1Kky0uww6s5mN3haxZI
                                                                                                                                                                                                                                                                                            MD5:01E8BC64139D6B74467330B11331858D
                                                                                                                                                                                                                                                                                            SHA1:B6421A1D92A791B4D4548AB84F7140F4FC4EB829
                                                                                                                                                                                                                                                                                            SHA-256:148359A84C637D05C20A58F5038D8B2C5390F99A5A229BE8ECCBB5F85E969438
                                                                                                                                                                                                                                                                                            SHA-512:4099E8038D65D95D3F00FD32EBA012F55AE16D0DA3828E5D689EF32E20352FDFCC278CD6F78536DC7F28FB97D07185E654FE6EEE610822EA8D9E9D5AF696DFF5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):184016
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.2322376663017
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:uSNRRE5JX6GkYj9i/hXJTqHDh3ibNrg4WhC8MFMbgGYgITUP4uvo4B:uS6Pb5KnT2dSNsC+gGx62v/
                                                                                                                                                                                                                                                                                            MD5:4DC11547A5FC28CA8F6965FA21573481
                                                                                                                                                                                                                                                                                            SHA1:D531B0D8D2F8D49D81A4C17FBAF3BC294845362C
                                                                                                                                                                                                                                                                                            SHA-256:E9DB5CD21C8D709A47FC0CFB2C6CA3BB76A3ED8218BED5DC37948B3F9C7BD99D
                                                                                                                                                                                                                                                                                            SHA-512:BD0F0A3BBC598480A9B678AA1B35728B2380BF57B195B0249936D0EAAA014F219031A563F486871099BF1C78CCC758F6B25B97CFC5296A73FC60B6CAFF9877F6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):138960
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.622950914796068
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Pi+6wKkplcu1L3/xFxqFYOA555ZRlremv59jYqN:6+9cu1oF/AnqqN
                                                                                                                                                                                                                                                                                            MD5:67AE7B2C36C9C70086B9D41B4515B0A8
                                                                                                                                                                                                                                                                                            SHA1:BA735D6A338C8FDFA61C98F328B97BF3E8E48B8B
                                                                                                                                                                                                                                                                                            SHA-256:79876F242B79269FE0FE3516F2BDB0A1922C86D820CE1DD98500B385511DAC69
                                                                                                                                                                                                                                                                                            SHA-512:4D8320440F3472EE0E9BD489DA749A738370970DE07B0920B535642723C92DE848F4B3D7F898689C817145CE7B08F65128ABE91D816827AEB7E5E193D7027078
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):122576
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.535740565012407
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:dfSVevFp3FKtVy8ka9N9UOUNFZWEw+1M4hyFi:BSYNpkUOUrgxeMlo
                                                                                                                                                                                                                                                                                            MD5:B9B0E9B4D93B18B99ECE31A819D71D00
                                                                                                                                                                                                                                                                                            SHA1:2BE1AD570F3CCB2E6F2E2B16D1E0002CA4EC8D9E
                                                                                                                                                                                                                                                                                            SHA-256:0F1C64C0FA08FE45BEAC15DC675D3B956525B8F198E92E0CCAC21D2A70CE42CF
                                                                                                                                                                                                                                                                                            SHA-512:465E389806F3B87A544AB8B0B7B49864FEEBA2EEEF4FB51628D40175573ED1BA00B26D6A2ABEBC74C31369194206ED31D32C68471DDDCF817FDD2D26E3DA7A53
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23528
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.370136009210867
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:6kV9C2/s2Abnkr+YcSIVO67k5hVAi59RKzOqUIUz8JN77hhM/l:vP0bE+YHIO67kLZVj83ha/l
                                                                                                                                                                                                                                                                                            MD5:D53AD812F1146CDDEA6A89806CC2439A
                                                                                                                                                                                                                                                                                            SHA1:5102973DF29B7E70AD8845D3B5FA36DBEF294D56
                                                                                                                                                                                                                                                                                            SHA-256:009DFAD5DEA03EA0C0B963EEA9CDCDB78668C8B35C19E2B92311D8703F00D6D2
                                                                                                                                                                                                                                                                                            SHA-512:38C2BFF7125F5BFD51A5D4D49D3C68BBCF9065057686AF8CAF7C3025BAE27CDFF4928BFB37C26A6ABAA750C699B99619E874CDD5EEF79F0E4010BB9ACCE56085
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):48640
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8164297445194135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:xbWmecDs6zvVt94VbJqvhkqskgSjySwigs2K5m6Vj83h57zZ3ao:xbM6JX0Jq5kNGUsn5maI3h57zZ
                                                                                                                                                                                                                                                                                            MD5:6A0CCBFF305B23A4BAE471025EC28D52
                                                                                                                                                                                                                                                                                            SHA1:02519EC7FCC88969621B6DC7F1294DA4EA6EA611
                                                                                                                                                                                                                                                                                            SHA-256:6659E90D80A2FA0CF9F6CE40E511D8763664E78820F27081935AC1BFD4723A19
                                                                                                                                                                                                                                                                                            SHA-512:4D357E3E9B19E2C18D1D3A1E6916C542243D6FF24D783A526B9E1C1605C328CD079A77AEE38DFF19BEC66E584CFDB4DF910CF98DF668D1EB2E825E2D36F816F2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):138984
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.623789818078503
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:0i+6wKkplcu1L3/xFxqFYOA555ZRlremv59jY3v:7+9cu1oF/Anq3v
                                                                                                                                                                                                                                                                                            MD5:4276EDDE541ED3F488FA26778BDBB0D9
                                                                                                                                                                                                                                                                                            SHA1:16E06CA60A9F8BCA515D193DFD28B120446BC178
                                                                                                                                                                                                                                                                                            SHA-256:617F731B8F55F1AC23E47FE3C7CFD1110F198A5A9EB207FC485F739808446808
                                                                                                                                                                                                                                                                                            SHA-512:280D6C3A85B26B4EE57534D33F035063B1DD56BA3671B48700833E4A61BEF1805C86316888AA5D8645603CA655F4172311B20C98533058823734C276A3CEA66B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):138960
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.623166316895491
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:3i+6wKkplcu1L3/xFxqFYOA555ZRlremv59jYWB:S+9cu1oF/AnqWB
                                                                                                                                                                                                                                                                                            MD5:7CC448724952FA3B42A7B16DCBD4B50B
                                                                                                                                                                                                                                                                                            SHA1:65CC211E57AE073EA89B188B66D3D473B403DEF5
                                                                                                                                                                                                                                                                                            SHA-256:D90F351153CA9A51ECC24575B6A586A9A01AF24BD84F552F8305201260EE486A
                                                                                                                                                                                                                                                                                            SHA-512:1C8F6034B4BA71C5D4508263DEDB00098C583F7EA4F39AE281E680C8DDA3583A0FE7FD00DD601E652CA0D301D29800AD13FC102038D4A836F99D44E331D3B2FD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):95464
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7987777090492445
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:nbZYULZ73iO/kwji3FWx+FJ4gwgDNSV2U5ANaudsJvdjsCIrqhZxu3hUlZNO:nHL53D/djPxaJ4gGQU5ANaudsjg9+hZk
                                                                                                                                                                                                                                                                                            MD5:21E18A96C9A2E6F0838DA7BBD272CE21
                                                                                                                                                                                                                                                                                            SHA1:C940F5069CE95083865D2D985682D51296B81257
                                                                                                                                                                                                                                                                                            SHA-256:6CA7A9B8F2600181A4D47FA7090FF37E412687E7EA64BA5CAC4319277BE60C74
                                                                                                                                                                                                                                                                                            SHA-512:1819469664C0DDE5ADFDA140313C32F9874301E103FF74E95AC684BAB71D06668299B8092564993727DF380E276B2400C1E1025D9527F637826BFCDFC9D78E66
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20968
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.629648031240336
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:uMuUBfWPmqKebW1j2zAAHOOntqVuvTRKzOqUAY8JN77hhecs:JHqKyWMvUutVjO3hob
                                                                                                                                                                                                                                                                                            MD5:955C309947C5CAEFFB429DBF12DC13A1
                                                                                                                                                                                                                                                                                            SHA1:5079A801E91F9ACBE996FBCAE6D402B7E5FC72D9
                                                                                                                                                                                                                                                                                            SHA-256:59BBC2EBBA9CD056FBA8B80FC0E5DA9540D6E50F419216A1BB2A4B3E95AFB480
                                                                                                                                                                                                                                                                                            SHA-512:BD4BBE228378466AD50F2B734438DDBD4FE8F6C7C3B573080834321C99E748512BE8511A927D4FD8B00635D320BEF7B245E05F174988F283B4339E1F8CED1BCE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10660
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.072232435699263
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:2vBYcjEdZubhLtaSu9sZscF8Bd1LUEduasnZH5:B0+ZKoqZsHLUHPnh5
                                                                                                                                                                                                                                                                                            MD5:CCC20AC60F19430FBFDA6D49F164654C
                                                                                                                                                                                                                                                                                            SHA1:425253D81B930175321A9B54AB4B6D736D6AF8A2
                                                                                                                                                                                                                                                                                            SHA-256:D96B2FBFDD9245EA1D46994183917340912FE9A07AC569B4F70AD51123E55EDB
                                                                                                                                                                                                                                                                                            SHA-512:F9B9AB9DCF0286F2A5635DD8BE1DF5F7718017EC580B46A217EC4B77615F7D7F0FEF4484886884A912172BF8F6C16252AD5E982205AACAB73152F65A67951475
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4514
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7907010583152645
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:9G2XNDctEXHQ+C2C4kqWDZXpbdl5Vjnijla4UAiI6fOgTiYqG585wg3Jp:9XcWEDNRniWI6fyw5I
                                                                                                                                                                                                                                                                                            MD5:9CF8CFC1E0815F7D72D136DE87B08EEA
                                                                                                                                                                                                                                                                                            SHA1:F2EEEC23EC55758E5072619B62E6851234FA6D3C
                                                                                                                                                                                                                                                                                            SHA-256:9CA9C7A430D0B608F1A6ADDD9E2C17BF79845783356CE6230ECA1942A061B157
                                                                                                                                                                                                                                                                                            SHA-512:6D3FEE674C83B1E68CAE7F079F74A70931D432751420300DB77DB2B237A88D81AC3CD8B4B82532DCDDEE5D1DBEF3077ACD97B5890DFA0A497B97D7594E3C15F9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:..;.....;.M.o.d.u.l.e. .N.a.m.e.:.....;. . . . .l.c.i._.i.d.d.c.x...i.n.f.....;.....;.A.b.s.t.r.a.c.t.:.....;. . . . .I.N.F. .f.i.l.e. .f.o.r. .i.n.s.t.a.l.l.i.n.g. .t.h.e. .L.C.I. .I.D.D.C.X. .D.r.i.v.e.r.....;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e.=.".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s.G.U.I.D. .=. .{.4.D.3.6.E.9.6.8.-.E.3.2.5.-.1.1.C.E.-.B.F.C.1.-.0.8.0.0.2.B.E.1.0.3.1.8.}.....C.l.a.s.s. .=. .D.i.s.p.l.a.y.....C.l.a.s.s.V.e.r. .=. .2...0.....P.r.o.v.i.d.e.r.=.%.L.C.I.%.....C.a.t.a.l.o.g.F.i.l.e.=.l.c.i._.i.d.d.c.x...c.a.t.....D.r.i.v.e.r.V.e.r.=.1.0./.2.3./.2.0.1.7.,.1...0...2.0.1.7...1.0.2.3.........[.D.e.s.t.i.n.a.t.i.o.n.D.i.r.s.].....D.e.f.a.u.l.t.D.e.s.t.D.i.r. .=. .1.2.....U.M.D.r.i.v.e.r.C.o.p.y.=.1.2.,.U.M.D.F. .;. .c.o.p.y. .t.o. .d.r.i.v.e.r.s.\.u.m.d.f.........[.S.o.u.r.c.e.D.i.s.k.s.N.a.m.e.s...x.8.6.].....1.=.%.D.I.S.K._.N.A.M.E.%.,.,.........[.S.o.u.r.c.e.D.i.s.k.s.N.a.m.e.s...a.m.d.6.4.].....1.=.%.D.I.S.K._.N.A.M.E.%.,.,.........[.S.o.u.r.c.e.D.i.s.k.s.
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11975
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.929505838705397
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qRVW/ujEdZubhLtaSu9sZscF8Bd1LUY6uasnZHou49L:k+ZKoqZsHLUcPnhou4t
                                                                                                                                                                                                                                                                                            MD5:186504237027590F25BEA0EC539256C8
                                                                                                                                                                                                                                                                                            SHA1:A74309D7CFA8EF410EC85D3801D27291E8BC915A
                                                                                                                                                                                                                                                                                            SHA-256:4CBD88D04F9C3B3DE3625B25049EA6B7C1614FFEA8730667BFF01DD210415ED1
                                                                                                                                                                                                                                                                                            SHA-512:9D4B89A95DBF8D0ABFC55AE44C9CBFB29EB64AB1FFFBB81FFAB4308ED4CFD040F9A883B2B7B7A375B1675DD08532378C38410F4DB737FBDA2913EB28DE18A933
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2715
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.418922446200014
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qnch1OKbzLbS10bzPbSvb/mwwophwwoJOxWqrz61/zA9cjiJIjgW5FH1519HS4Bc:Pcua1YuSnEhn/A7ic4d4y
                                                                                                                                                                                                                                                                                            MD5:07DC873615C74141FB8A646F6FE1D378
                                                                                                                                                                                                                                                                                            SHA1:7E2D32A5ACE72B7F3919215B707096B52CC3B5EC
                                                                                                                                                                                                                                                                                            SHA-256:F97F4A79BF9ACB0D7FFB257CB3E16687F6281B8687C79361B680764F3427EF61
                                                                                                                                                                                                                                                                                            SHA-512:8D59EBD58BFCDBD0115C22148DDFB1DE73E3D0C2AA42B2772B75F12D76BFA4FC3E8356346F0BE9B8F5631443FBCCCFD63354235E701A966CE104BDDC9A4987AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:;..;..;Module Name:..;..; lci_proxywddm.inf..;..;Abstract:..; LuminonCore Display Proxy Driver..;..;..[Version]..Signature="$WINDOWS NT$"..Class=System..ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}..Provider=%LCI%..DriverVer=10/23/2017,1.0.2017.1023..CatalogFile=lci_proxywddm.cat....[DestinationDirs]..DefaultDestDir = 12..lci_proxywddm.CopyFiles = 12 ; drivers..lci_proxyumd.CopyFiles = 11 ; system32..lci_proxyumdwow.CopyFiles = 10, SysWow64 ; x64-specific....[SourceDisksNames.x86]..1=%DiskId1%, lci_proxywddm.sys,,\x86..1=%DiskId1%, lci_proxyumd.dll,,\x86....[SourceDisksNames.amd64]..1=%DiskId1%, lci_proxywddm.sys,,\x64..1=%DiskId1%, lci_proxyumd.dll,,\x64..1=%DiskId1%, lci_proxyumd32.dll,,\x64....[SourceDisksFiles.x86]..lci_proxywddm.sys = 1..lci_proxyumd.dll = 1....[SourceDisksFiles.amd64]..lci_proxywddm.sys = 1..lci_proxyumd.dll = 1..lci_proxyumd32.dll = 1......;*****************************************
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):46528
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.272518240848504
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:ql+LPDB5MAHFg6IWSG1ucVPajIyouwc09euwjsV3xnxhc:ql+Lt5X4WSM1a8youwzOsVxA
                                                                                                                                                                                                                                                                                            MD5:F018A1846A12B5DFF4A5FB0343745BBA
                                                                                                                                                                                                                                                                                            SHA1:C8E871A51E43B5E71A4D1ACA0A791B375CABAC86
                                                                                                                                                                                                                                                                                            SHA-256:3E5D8C95805CAECFC1BF5F689F036D1831E375E573F2B0BFFA4BBB59EA36B853
                                                                                                                                                                                                                                                                                            SHA-512:7DECEBD14950548436EB110F93A5951ABE42B6CACF8A041F77DFCE923FFB28B6B399EC3166F0D64A1B098F9671F73E43D020977D7EC093F7B786038C4A05C3B8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):176576
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.124833448410162
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:WSNRRE5R1pHa9i/hXYTqHDh3ikNrgfxhxe74bgGY53Urb7:WS67jsKCT2d1NsDgGY5387
                                                                                                                                                                                                                                                                                            MD5:37CF508FA1EB389ED85F822BAF9EF9B9
                                                                                                                                                                                                                                                                                            SHA1:1720BEFADBD467FD715CE301545BC1FF02DB4681
                                                                                                                                                                                                                                                                                            SHA-256:FA4CAC0B0361D85CE6220809FA85DFE3B295A187A7B58DD5FE5B06A7CE19F7FA
                                                                                                                                                                                                                                                                                            SHA-512:B90CD035F83245EEDC1FC09ADEDFAC341411CFC47D130B891B2CC83B908F9F683DFFB140AA61F11B7BD15C8A5725070A92659CC567FA58F5879A1790B56833F5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):131520
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.5166932980708925
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):115136
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.395746141588922
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25536
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.407648101166343
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):41408
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.573292469340805
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):131520
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.516896540085767
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):131520
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.517207826538128
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):88000
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.656236620722421
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:1++m+LZZ3SFkKjrZFWUwTK4gCQ7fBr8UQ6SIDXvjeIg6NhUA0d:1LL73SFHjOUaK4gNoUQ6SE7hXNhUA0d
                                                                                                                                                                                                                                                                                            MD5:B36B39A2AA5C15D0167A7D8454AE71A6
                                                                                                                                                                                                                                                                                            SHA1:2CD2E7DAF1762A44F4FD4FC84FFC60D84A2AEFA6
                                                                                                                                                                                                                                                                                            SHA-256:01871A132386F81DFD4894E9DAEB9433C4BE2A99EBE8FEC954E5182A43E96AF0
                                                                                                                                                                                                                                                                                            SHA-512:4BC14EDF6C0A9695764DEAD9C90F502DCDB7F420BD54794539183BFFECD054218290C23C57155EF982F1DAA4B479DAF80B63C7CA643F73AF2A66AC01E96926E4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):22976
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.652405722283548
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:pMuUkfWPmqKebW1j2zAAHOOntqVOviZKoqZsHLEF0PnhjIS:VHqKyWMvUOyncIhjIS
                                                                                                                                                                                                                                                                                            MD5:893828FDA5B4026B36C238CBED43BCC2
                                                                                                                                                                                                                                                                                            SHA1:B485E255B2F6F1C294BC127AA2BE14A39C346F56
                                                                                                                                                                                                                                                                                            SHA-256:CEA46DCCAF211E71DE3895C08E7C9A828C53232EDDBC90C0A6E3552826A8DDFA
                                                                                                                                                                                                                                                                                            SHA-512:951598591F2A395F8C5F993A5BD850CED11F43433DF00CF5B12CBAB360949E305A52CDF55A675C8FE59F275432C92D479444C91F71AB39AB342200560972A6A6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                            MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                            SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                            SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                            SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                            MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                            SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                            SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                            SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):77824
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                            MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                            SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                            SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                            SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):81920
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                            MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                            SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                            SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                            SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8367
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.279860186543382
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:+2A2RJoIo6vyowJL/aoxhHoe068jSJUbueqw4G:JRaD8YJLFHJ06dUb+w1
                                                                                                                                                                                                                                                                                            MD5:092FF1A83123D816B748F0D382792543
                                                                                                                                                                                                                                                                                            SHA1:C1D1E85955113B8AAB604107738E6B532FE5C706
                                                                                                                                                                                                                                                                                            SHA-256:E81535236E4BDC5534677D05AB3DB67F03283E756233924945CC7D93D394DB5A
                                                                                                                                                                                                                                                                                            SHA-512:7A24AF6CEF474663E615F9BCD5780D97D4249AE8D767EB60927A2BF7B7E66B1777486886C7A053C30301F98E22CCD5AAB7877BC47FA5000C34A707806B198864
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):26048
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.292871779652706
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:U2dFSGikkp4cE8WWk2lg0ZeE313MrnCbuSLwJiU:deeJlGMroJIiU
                                                                                                                                                                                                                                                                                            MD5:867F3CA0E3A4B57F5BA7519B645AED66
                                                                                                                                                                                                                                                                                            SHA1:837676FE5C7B62AFAA4D49E6AC51EDF948AD1757
                                                                                                                                                                                                                                                                                            SHA-256:1A392E8731E4F01476C54FB4FD408F590D8530C34E3835081886A0056A91E502
                                                                                                                                                                                                                                                                                            SHA-512:27E21584DC54D1996FDFEE2002027061A160E89BD3B7249C017D91900381102674D65282E9B623F002F392BBF8649F0092DE9CB46C70B739A42EE62A3753C8FF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2255
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3700497661675906
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:ehVVpvnf4+BCs00c/9XSvFhb54y83WhJhdYpBBh22wlFTP/7bp:MJfJ00Si4yMyA7DwlFLB
                                                                                                                                                                                                                                                                                            MD5:1B4F828FC21AA28C3CE863A31C1F9D48
                                                                                                                                                                                                                                                                                            SHA1:96B8E2ED63F54BEB4E087712ADA7520C2379C5C4
                                                                                                                                                                                                                                                                                            SHA-256:E7F85212D7708402910830576B0BD84873C24A1339CFD3EBBE5A2939127438D4
                                                                                                                                                                                                                                                                                            SHA-512:9CF0E701ADCBBE05652F623A34849910C657FA9536513835D18FD184FAAD47B62C28437237A78494B8E31F5E27C0BDDCD9D4CB5C5B4BEDC56EF0842553AB3064
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:; mv2.inf..;..; Installation inf for the Mirror graphics adapter...;..;....[Version]..Signature="$CHICAGO$"..Provider=%Cyberfox%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=04/11/2007,6.0.1.0..CatalogFile="mv2.cat"....[DestinationDirs]..DefaultDestDir = 11..mv2.Miniport = 12 ; drivers..mv2.Display = 11 ; system32....;..; Driver information..;....[Manufacturer]..%Cyberfox% = stdMfg,NTamd64....[stdMfg.NTamd64]..%Winmv2% = mv2, mv_hook_display_driver2....;..; General installation section..;....[mv2]..CopyFiles=mv2.Miniport, mv2.Display....;..; File sections..;....[mv2.Miniport]..mv2.sys....[mv2.Display]..mv2.dll......;..; Service Installation..;....[mv2.Services]..AddService = mv2, 0x00000002, mv2_Service_Inst, mv2_EventLog_Inst....[mv2_Service_Inst]....ServiceType = 1 ; SERVICE_KERNEL_DRIVER..StartType = 1 ; SERVICE_SYSTEM_START..ErrorControl = 0 ; SERVICE_ERROR_IGNORE..LoadOrderGroup =
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11712
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.137352195821723
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:8hD6YJoIo6vyowJL/aoxhHoe068jSJUbueqycZ:8hD6YaD8YJLFHJ06dUb+BZ
                                                                                                                                                                                                                                                                                            MD5:4B6B1EF53636E2C5A9EB9AF291970073
                                                                                                                                                                                                                                                                                            SHA1:868C5A226293EEB37C513E106A80B9EE9A01684A
                                                                                                                                                                                                                                                                                            SHA-256:25444A485A800E2609AD56179146DD24C41E3E56A10969037D4914BAA452DF53
                                                                                                                                                                                                                                                                                            SHA-512:05B3D52E62ABB995B3EA4BEBE7C3D18354124772D97287BAAF4474ADBF9BD537AC258974C1C0B2EC1C7E3779D27D411FE74550FEA77A36D06A6D99FFD0628A7F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.625
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:6FMLVJ:uMLVJ
                                                                                                                                                                                                                                                                                            MD5:903B157DCA56861C845179D4D1C5E930
                                                                                                                                                                                                                                                                                            SHA1:E6B5ED1511F1F14F0436CA474FF457CB340E7C60
                                                                                                                                                                                                                                                                                            SHA-256:8402E0C9189FA6EF6EF8E955606C5A20F880F1106EA5F81304E42A0864F078F8
                                                                                                                                                                                                                                                                                            SHA-512:53F5BE22FD9B12FF9D084A65BE63BFA7A9B5489A5D95263343EE0DB3CE749B1B6D0999AC3CC34B23A4A970F3F02DD7ED1199269C12C8B59313FF58B225774006
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:setupdrv install
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (396), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1150
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.872615036376876
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:0oSneisewrWYSaizLwupc5KEQbEE+H+s+joMyyeDbE7upgO8+jaUZN:2sQ1Rpc5DQo9+s+1yy7ipgl+NL
                                                                                                                                                                                                                                                                                            MD5:624A16979822CA9E244602EF815E4FCF
                                                                                                                                                                                                                                                                                            SHA1:FF39FD4A7EE12C5190144E2F28AB5D7DB2A3F435
                                                                                                                                                                                                                                                                                            SHA-256:18D357C3792C89E9A8FC127E65A81BE919BEC7166E537ECA080478E0370E61C6
                                                                                                                                                                                                                                                                                            SHA-512:491EB3288F3753FB18DF1E1F634C07ECA7FF6970C6CE6778E0EB0C4FB1EC0A8E490C1273A0183CAC221DB8750B03FCDE5B7B03FBF8A98A5C43048523C7CE37C3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1. GRANT OF LICENSE:......RDV-Soft hereby grants Ultr@VNC Team -non-exclusive, royalty-free, worldwide, perpetual license to distribute, use the software product "Mirror driver" in binary form for their remote controle software. Ultr@VNC Team hereby grants the end-user the right to use and distribute the software product "Mirror Driver" with "Ultr@VNC"..... ....2. LIMITED WARRANTY......NO WARRANTY. To the maximum extent permitted by applicable law, We expressly disclaims any warranty for the SOFTWARE PRODUCT "Mirror Driver". The SOFTWARE PRODUCT "Mirror Driver" and any related documentation are provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability or fitness for a particular purpose...NO LIABILITY FOR CONSEQUENTIAL DAMAGES. To the maximum extent permitted by applicable law, in no event shall we be liable for any damages whatsoever (including, without limitation, damages for loss of business pro
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):90688
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.200545275172027
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:I/QY76jVjfCCHOLvctoA3eDDjEcUVzDOhtMRFS3CZiR3IeSkuH5ysQyMXq:I/QNjfCEoAOD0cUVWhmRLARnSDH5y1yv
                                                                                                                                                                                                                                                                                            MD5:6C788D13DEDCD6EB9E022ACA8BD1C3FA
                                                                                                                                                                                                                                                                                            SHA1:741A5342618A0AF7AC6E3F947FB3BC128477E237
                                                                                                                                                                                                                                                                                            SHA-256:0BB050B230CA684DE7021D9B66303C71F408885163B20166E7047C223E0EE01E
                                                                                                                                                                                                                                                                                            SHA-512:9CEEBC23EF82A302250291B0D3584F9CE9328DEA8850F49A3473B6B5392FCE4299AC0535A0F9AAF0A22047293DFD2AC70DF4002E21BF7B1BB1711E9984C9BC33
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.977180725182127
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:kCdGk3hd0E23B1047V1j47V1u471kgAq3Gn3C:/1RqXRC4R94RQ4dAqqy
                                                                                                                                                                                                                                                                                            MD5:2203EE251159885EF20D6970F67529C3
                                                                                                                                                                                                                                                                                            SHA1:D775009C08D7EC7F684FC7B657DDC7BCB7DA94C6
                                                                                                                                                                                                                                                                                            SHA-256:C3D0070A0EA5BB0708565930199C77E7DC4BFC31A6B368B2F8A7B0239E739304
                                                                                                                                                                                                                                                                                            SHA-512:3A1BBF3F460DCDCDE1DE3D5F345973D1827EB717AB7FCA3C3DE5A12E324125EF94D7FFC34F664D5C1763790E3A4189F065DFCA4E0E7FB43E4BEC0DA32255E785
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....\utils\devcon64.exe remove mv_hook_display_driver2 >> inst.log....\utils\devcon64.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End....\utils\DIFxCmd64.exe /u driver\mv2.inf >> inst.log..:End....sc stop mv2 >> inst.log..sc delete mv2 >> inst.log
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8367
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.270789935373524
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:+90+LRJoIo6vyowJL/aoxhHoe068jSJUbueqNb:eBRaD8YJLFHJ06dUb+Nb
                                                                                                                                                                                                                                                                                            MD5:80D00FB5201EE5E66D8230B8440A7643
                                                                                                                                                                                                                                                                                            SHA1:0DD971723322BB0EC8D7EF71D6389F839F6EBE30
                                                                                                                                                                                                                                                                                            SHA-256:C17A1DE10DF4DF8A51E1EE7EDB209E6DEBF34285E327A7C669EF0E04E1BED72C
                                                                                                                                                                                                                                                                                            SHA-512:C01F6AB36E2007E18DE27B46CB51BC8896AF5666FE18F39DADB0DC90B0DAAC2AB6580F31B0B15BD83D5453932A1299AE17E8DBA298D20B656945DEB0506F6AB5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:0. ...*.H........ .0. ....1.0...+......0..a..+.....7.....R0..N0...+.....7.......r..V5B.r/.9.V...081005153046Z0...+.....7.....0...0....R8.3.5.1.9.D.3.B.C.A.9.2.3.C.F.2.9.A.9.3.D.9.2.E.A.4.1.3.A.5.C.E.D.E.5.B.B.E.0.0...1..702..+.....7...1$0"...F.i.l.e........m.v.2...s.y.s...02..+.....7...1$0"...O.S.A.t.t.r........2.:.6...0...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........Q.;.<........[..0....R8.7.E.8.4.F.A.7.5.6.B.9.8.F.1.4.3.7.F.F.8.F.8.D.D.9.A.2.D.C.B.6.D.0.6.2.8.5.1.5...1../02..+.....7...1$0"...F.i.l.e........m.v.2...i.n.f...02..+.....7...1$0"...O.S.A.t.t.r........2.:.6...0...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..........O.V...7......b..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....RD.7.9.F.6.E.3.3.5.F.D.E.2.3.6.B.8.1.F.9.D.B.0.D.4.2.F.1.4.8.4.B.7.B
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23488
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.423731919049599
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:QvTfgigZKPBRDwvp5BY83HV8diQFHbsQaD8YJLFHJ06dUb+DQ:QLfpqKZRDMq6HV89HbsQSLwJiDQ
                                                                                                                                                                                                                                                                                            MD5:55CB63E6661D7A911C74BF39986336AB
                                                                                                                                                                                                                                                                                            SHA1:1F26A92347F58DC9616B611F1E8A29E0E6B94D67
                                                                                                                                                                                                                                                                                            SHA-256:9C5E913DB4B4BE861EEC63C071FBCC6A3BC60A0D11949EC47251780508A83E25
                                                                                                                                                                                                                                                                                            SHA-512:B31838612588A4CA9BB6B7D5DD0EABB69BF8FD41170FA71A0D7357D31BAFDF3075F0DE070160AFB58DAACEC5BB47EF34316E652DE9421B186F91BDCAA2BF58A2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2243
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.362010783542873
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:ehVVpvnf4+BCs0j/9XSvFhb54y83WhJhdYpBBN22wlFTP/7bp:MJfJ0di4yMyAXDwlFLB
                                                                                                                                                                                                                                                                                            MD5:AEA986639139A63559A39BE4A9986B39
                                                                                                                                                                                                                                                                                            SHA1:87E84FA756B98F1437FF8F8DD9A2DCB6D0628515
                                                                                                                                                                                                                                                                                            SHA-256:78A01CCC86628727E603A74BF008DBD95B465031EFA6FB52AB9496293E8470E1
                                                                                                                                                                                                                                                                                            SHA-512:37E092646B88E45962737ED696C575F944E15BAD3884442A60D7DE427E8669AE1B3C578CE959D2D304A7668CC84F8F3E0C220A4988D4C15197228466456B3878
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:; mv2.inf..;..; Installation inf for the Mirror graphics adapter...;..;....[Version]..Signature="$CHICAGO$"..Provider=%Cyberfox%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=04/11/2007,6.0.1.0..CatalogFile="mv2.cat"....[DestinationDirs]..DefaultDestDir = 11..mv2.Miniport = 12 ; drivers..mv2.Display = 11 ; system32....;..; Driver information..;....[Manufacturer]..%Cyberfox% = stdMfg....[stdMfg]..%Winmv2% = mv2, mv_hook_display_driver2....;..; General installation section..;....[mv2]..CopyFiles=mv2.Miniport, mv2.Display....;..; File sections..;....[mv2.Miniport]..mv2.sys....[mv2.Display]..mv2.dll......;..; Service Installation..;....[mv2.Services]..AddService = mv2, 0x00000002, mv2_Service_Inst, mv2_EventLog_Inst....[mv2_Service_Inst]....ServiceType = 1 ; SERVICE_KERNEL_DRIVER..StartType = 1 ; SERVICE_SYSTEM_START..ErrorControl = 0 ; SERVICE_ERROR_IGNORE..LoadOrderGroup = Video..ServiceBi
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11712
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.022711070794495
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:+SniyJoIo6vyowJL/aoxhHoe068jSJUbueqrII:OyaD8YJLFHJ06dUb+J
                                                                                                                                                                                                                                                                                            MD5:B435F95592AD8E6FC3BACD4A7E89B614
                                                                                                                                                                                                                                                                                            SHA1:287FA71A499CB6AA7E806BB6106C7401CD504ACA
                                                                                                                                                                                                                                                                                            SHA-256:331F200BCEA80E55743CE8CCF49B18785F70CAF21C13B15FBA9A3A9D32C6A46E
                                                                                                                                                                                                                                                                                            SHA-512:53373208640AC22F23B4C56D9C9AC32E0837314E736D14FEAF2A571594886A3D6EF42B875980D39FBE9103C101CDAED43740EB026FFFA6019503E39A85E38086
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.625
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:6FMLVJ:uMLVJ
                                                                                                                                                                                                                                                                                            MD5:903B157DCA56861C845179D4D1C5E930
                                                                                                                                                                                                                                                                                            SHA1:E6B5ED1511F1F14F0436CA474FF457CB340E7C60
                                                                                                                                                                                                                                                                                            SHA-256:8402E0C9189FA6EF6EF8E955606C5A20F880F1106EA5F81304E42A0864F078F8
                                                                                                                                                                                                                                                                                            SHA-512:53F5BE22FD9B12FF9D084A65BE63BFA7A9B5489A5D95263343EE0DB3CE749B1B6D0999AC3CC34B23A4A970F3F02DD7ED1199269C12C8B59313FF58B225774006
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:setupdrv install
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (396), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1150
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.872615036376876
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:0oSneisewrWYSaizLwupc5KEQbEE+H+s+joMyyeDbE7upgO8+jaUZN:2sQ1Rpc5DQo9+s+1yy7ipgl+NL
                                                                                                                                                                                                                                                                                            MD5:624A16979822CA9E244602EF815E4FCF
                                                                                                                                                                                                                                                                                            SHA1:FF39FD4A7EE12C5190144E2F28AB5D7DB2A3F435
                                                                                                                                                                                                                                                                                            SHA-256:18D357C3792C89E9A8FC127E65A81BE919BEC7166E537ECA080478E0370E61C6
                                                                                                                                                                                                                                                                                            SHA-512:491EB3288F3753FB18DF1E1F634C07ECA7FF6970C6CE6778E0EB0C4FB1EC0A8E490C1273A0183CAC221DB8750B03FCDE5B7B03FBF8A98A5C43048523C7CE37C3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1. GRANT OF LICENSE:......RDV-Soft hereby grants Ultr@VNC Team -non-exclusive, royalty-free, worldwide, perpetual license to distribute, use the software product "Mirror driver" in binary form for their remote controle software. Ultr@VNC Team hereby grants the end-user the right to use and distribute the software product "Mirror Driver" with "Ultr@VNC"..... ....2. LIMITED WARRANTY......NO WARRANTY. To the maximum extent permitted by applicable law, We expressly disclaims any warranty for the SOFTWARE PRODUCT "Mirror Driver". The SOFTWARE PRODUCT "Mirror Driver" and any related documentation are provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability or fitness for a particular purpose...NO LIABILITY FOR CONSEQUENTIAL DAMAGES. To the maximum extent permitted by applicable law, in no event shall we be liable for any damages whatsoever (including, without limitation, damages for loss of business pro
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):81920
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.9219061141523825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:1zCCrWvSRU7VEBmGDnw29Gz07X83JlcytyCpw:1zCCrM7Uio83JljtyIw
                                                                                                                                                                                                                                                                                            MD5:50F6A9509729A6D8D97E29AD259C6A1E
                                                                                                                                                                                                                                                                                            SHA1:1AEADFC64CD4D6B9D878F93999A4D571936CCA91
                                                                                                                                                                                                                                                                                            SHA-256:C8B3049C278B7E3FE2CFE4D84096A292CC14557EBCC02B8998EB14C83289EB8F
                                                                                                                                                                                                                                                                                            SHA-512:71660BEE4D58074B05538DA18F905CBFAF1567C60AA02F7C979571F3D21AC2AD56F19B3B7FEB2430686302222932CB901B0B895C16076EF1963CC93C94311769
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):405
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.932556842608647
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:kCdgk3hdyE23B1047V1j47V1u47jkgAq3Gn3C:/jR8XRC4R94RQ43Aqqy
                                                                                                                                                                                                                                                                                            MD5:00A98380A84308DFEDB409827DB9C916
                                                                                                                                                                                                                                                                                            SHA1:F31EC578108616125450187C709B6E133425BC25
                                                                                                                                                                                                                                                                                            SHA-256:948C84A52F8847798150629B396E29857C0C7EB77550276A000E02B2B9C85A4E
                                                                                                                                                                                                                                                                                            SHA-512:73AFAEB0394B470102A05D6E7F1195E60BEFE5469241C5ED182032AC80E54196945E7E9AA9AC2391DC13528E06F3D6C165C4083ECFE6B6F07A1E8F2E30AA5A8E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....\utils\devcon.exe remove mv_hook_display_driver2 >> inst.log....\utils\devcon.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End....\utils\DIFxCmd.exe /u driver\mv2.inf >> inst.log..:End....sc stop mv2 >> inst.log..sc delete mv2 >> inst.log
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8403
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.26515273733877
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:VafwaRJoIo6vyowJL/aoxhHoe068jSJUbueqO0:VQRaD8YJLFHJ06dUb+O0
                                                                                                                                                                                                                                                                                            MD5:9B3AB5B97500F2C39C75EA2910BC6420
                                                                                                                                                                                                                                                                                            SHA1:42267EA620E0EF5B0F4DBF25B705F1B3C4D03649
                                                                                                                                                                                                                                                                                            SHA-256:32557B63B75CE1DBB761C22092E130561FE6B156CD1D0F96E809E8D0A32E89A6
                                                                                                                                                                                                                                                                                            SHA-512:BFEBCC8BA47E7E0F7FA6218E2A057C3ADD8C570B839ACA3F159495024028A9F6408143FB7A34F2EAD66278401898150A497339BEF3E671A3212055EC73056009
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25536
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.314384276589044
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:jdxcojc4oPxNtS4v28b3pnd6DABnOSLwJiz:jdj9oPxjNv2YnPdpIiz
                                                                                                                                                                                                                                                                                            MD5:52E972E497645851FA910787CC2050E0
                                                                                                                                                                                                                                                                                            SHA1:1CE9A93996DFC5F24DF8CAD16E15555BE368B956
                                                                                                                                                                                                                                                                                            SHA-256:B0C07A2912B4EC67CA8A37B890DB33A62CC0DB3A733CD6D146FF6F865D6E4B88
                                                                                                                                                                                                                                                                                            SHA-512:4CADF2BFA9056A1756BB79C4EB2842E8A9A132544305EAB0F1433AF2C890B24DA3614E5E241A86358CF47FBF7F0A783102850346CAB2FA04B1AEDC9B81C79E94
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2255
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3700497661675906
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:ehVVpvnf4+BCs00c/9XSvFhb54y83WhJhdYpBBh22wlFTP/7bp:MJfJ00Si4yMyA7DwlFLB
                                                                                                                                                                                                                                                                                            MD5:1B4F828FC21AA28C3CE863A31C1F9D48
                                                                                                                                                                                                                                                                                            SHA1:96B8E2ED63F54BEB4E087712ADA7520C2379C5C4
                                                                                                                                                                                                                                                                                            SHA-256:E7F85212D7708402910830576B0BD84873C24A1339CFD3EBBE5A2939127438D4
                                                                                                                                                                                                                                                                                            SHA-512:9CF0E701ADCBBE05652F623A34849910C657FA9536513835D18FD184FAAD47B62C28437237A78494B8E31F5E27C0BDDCD9D4CB5C5B4BEDC56EF0842553AB3064
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:; mv2.inf..;..; Installation inf for the Mirror graphics adapter...;..;....[Version]..Signature="$CHICAGO$"..Provider=%Cyberfox%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=04/11/2007,6.0.1.0..CatalogFile="mv2.cat"....[DestinationDirs]..DefaultDestDir = 11..mv2.Miniport = 12 ; drivers..mv2.Display = 11 ; system32....;..; Driver information..;....[Manufacturer]..%Cyberfox% = stdMfg,NTamd64....[stdMfg.NTamd64]..%Winmv2% = mv2, mv_hook_display_driver2....;..; General installation section..;....[mv2]..CopyFiles=mv2.Miniport, mv2.Display....;..; File sections..;....[mv2.Miniport]..mv2.sys....[mv2.Display]..mv2.dll......;..; Service Installation..;....[mv2.Services]..AddService = mv2, 0x00000002, mv2_Service_Inst, mv2_EventLog_Inst....[mv2_Service_Inst]....ServiceType = 1 ; SERVICE_KERNEL_DRIVER..StartType = 1 ; SERVICE_SYSTEM_START..ErrorControl = 0 ; SERVICE_ERROR_IGNORE..LoadOrderGroup =
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11712
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.137468737457105
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:8CvhDWQJoIo6vyowJL/aoxhHoe068jSJUbueqEQ:hhDWQaD8YJLFHJ06dUb+EQ
                                                                                                                                                                                                                                                                                            MD5:0469611E7DC0A882D123DC89FE386C01
                                                                                                                                                                                                                                                                                            SHA1:7059D4EFBE980F3A355CF8401A33F7EA1E129CD9
                                                                                                                                                                                                                                                                                            SHA-256:BFFA6606A5CCD1F79EF7D0F591BD6EE8FDE28C266EA8C8608D423321174CB87C
                                                                                                                                                                                                                                                                                            SHA-512:FA1ED8E1A312497A1DCFB73F12D545BA298063250FCDC9E03B4EC71DD86C91743104EB322351F4AD1E33CDD3E412E92595EBA03EE860D013B0A2646BCB467327
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.625
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:6FMLVJ:uMLVJ
                                                                                                                                                                                                                                                                                            MD5:903B157DCA56861C845179D4D1C5E930
                                                                                                                                                                                                                                                                                            SHA1:E6B5ED1511F1F14F0436CA474FF457CB340E7C60
                                                                                                                                                                                                                                                                                            SHA-256:8402E0C9189FA6EF6EF8E955606C5A20F880F1106EA5F81304E42A0864F078F8
                                                                                                                                                                                                                                                                                            SHA-512:53F5BE22FD9B12FF9D084A65BE63BFA7A9B5489A5D95263343EE0DB3CE749B1B6D0999AC3CC34B23A4A970F3F02DD7ED1199269C12C8B59313FF58B225774006
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:setupdrv install
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (396), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1150
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.872615036376876
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:0oSneisewrWYSaizLwupc5KEQbEE+H+s+joMyyeDbE7upgO8+jaUZN:2sQ1Rpc5DQo9+s+1yy7ipgl+NL
                                                                                                                                                                                                                                                                                            MD5:624A16979822CA9E244602EF815E4FCF
                                                                                                                                                                                                                                                                                            SHA1:FF39FD4A7EE12C5190144E2F28AB5D7DB2A3F435
                                                                                                                                                                                                                                                                                            SHA-256:18D357C3792C89E9A8FC127E65A81BE919BEC7166E537ECA080478E0370E61C6
                                                                                                                                                                                                                                                                                            SHA-512:491EB3288F3753FB18DF1E1F634C07ECA7FF6970C6CE6778E0EB0C4FB1EC0A8E490C1273A0183CAC221DB8750B03FCDE5B7B03FBF8A98A5C43048523C7CE37C3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1. GRANT OF LICENSE:......RDV-Soft hereby grants Ultr@VNC Team -non-exclusive, royalty-free, worldwide, perpetual license to distribute, use the software product "Mirror driver" in binary form for their remote controle software. Ultr@VNC Team hereby grants the end-user the right to use and distribute the software product "Mirror Driver" with "Ultr@VNC"..... ....2. LIMITED WARRANTY......NO WARRANTY. To the maximum extent permitted by applicable law, We expressly disclaims any warranty for the SOFTWARE PRODUCT "Mirror Driver". The SOFTWARE PRODUCT "Mirror Driver" and any related documentation are provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability or fitness for a particular purpose...NO LIABILITY FOR CONSEQUENTIAL DAMAGES. To the maximum extent permitted by applicable law, in no event shall we be liable for any damages whatsoever (including, without limitation, damages for loss of business pro
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):90688
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.200844475591763
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:D/QY76jVjfCCHOLvctoA3eDDjEcUVzDOhtMRFS3CZiR3IeSkuH5ysQyMK:D/QNjfCEoAOD0cUVWhmRLARnSDH5y1y3
                                                                                                                                                                                                                                                                                            MD5:137E02F6D5D1BEB5F8096AA34C93545C
                                                                                                                                                                                                                                                                                            SHA1:8550A23A017B440A7D558F4DBC959C643262D803
                                                                                                                                                                                                                                                                                            SHA-256:9CE571A987AEE98698D1A70D39A744A416136370D5659B23DE8C1CC523CEEB83
                                                                                                                                                                                                                                                                                            SHA-512:38DD0F680C3D906307B0BDD835E035D154F0F65DCB69D25455D81F50F6E1ECC3854A507A26B2C1FE029B05EC1BC7ABB974DDB2190BC06B5808C4A14E243E808D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.977180725182127
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:kCdGk3hd0E23B1047V1j47V1u471kgAq3Gn3C:/1RqXRC4R94RQ4dAqqy
                                                                                                                                                                                                                                                                                            MD5:2203EE251159885EF20D6970F67529C3
                                                                                                                                                                                                                                                                                            SHA1:D775009C08D7EC7F684FC7B657DDC7BCB7DA94C6
                                                                                                                                                                                                                                                                                            SHA-256:C3D0070A0EA5BB0708565930199C77E7DC4BFC31A6B368B2F8A7B0239E739304
                                                                                                                                                                                                                                                                                            SHA-512:3A1BBF3F460DCDCDE1DE3D5F345973D1827EB717AB7FCA3C3DE5A12E324125EF94D7FFC34F664D5C1763790E3A4189F065DFCA4E0E7FB43E4BEC0DA32255E785
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....\utils\devcon64.exe remove mv_hook_display_driver2 >> inst.log....\utils\devcon64.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End....\utils\DIFxCmd64.exe /u driver\mv2.inf >> inst.log..:End....sc stop mv2 >> inst.log..sc delete mv2 >> inst.log
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8367
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.272037405136225
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:5otYRJoIo6vyowJL/aoxhHoe068jSJUbueqY:nRaD8YJLFHJ06dUb+Y
                                                                                                                                                                                                                                                                                            MD5:89A312ED78E1EDAC37DE5FD1D3E4E0EB
                                                                                                                                                                                                                                                                                            SHA1:0F913D609437D8B4C2D9675E66C650C6344B93D5
                                                                                                                                                                                                                                                                                            SHA-256:065C1A3537BAE5BB645DAC15E068DE3CAEA40E460DF130A05D3CBFE15831E747
                                                                                                                                                                                                                                                                                            SHA-512:A20DF9DEA384F8B52F287A2E16076CA32BF965B46A46B28BF49A1F18F342AA1E19A1B7FA7AD303AC3AB91364D5C18BCF62083360AF54DC5EA9236BD90AB35A1B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20288
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.695099027186018
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:w69hD4isesPZlFwQUWeFtdg4uS8fHt9ndIeBq6H7LFhaD8YJLFHJ06dUb+C1:w6WesRlFwQg1buSCH3nWB6bLPSLwJi2
                                                                                                                                                                                                                                                                                            MD5:775286759FF1211C25A8D65D29024FD0
                                                                                                                                                                                                                                                                                            SHA1:1E8A304D9DBCF3C0AA09AA10304B09B99995C54F
                                                                                                                                                                                                                                                                                            SHA-256:9581581926651D7A2887FD51CE2D7A330333E47C4F91FB34D7B20C058D9B96D2
                                                                                                                                                                                                                                                                                            SHA-512:54D4D0A0547311A6B19D5CB196E98DEF93EB5311F1328FA2B3674E81E157D266B2D8CF78E08E547F3BFE21CA716D4679674B23BCE196D612184840E578DAA806
                                                                                                                                                                                                                                                                                            Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):2239
Entropy (8bit):5.36119317959271
Encrypted:false
Malicious:false
Preview:; mv2.inf..;..; Installation inf for the Mirror graphics adapter...;..;....[Version]..Signature="$CHICAGO$"..Provider=%Cyberfox%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=05/25/2004,1.1..CatalogFile="mv2.cat"....[DestinationDirs]..DefaultDestDir = 11..mv2.Miniport = 12 ; drivers..mv2.Display = 11 ; system32....;..; Driver information..;....[Manufacturer]..%Cyberfox% = stdMfg....[stdMfg]..%Winmv2% = mv2, mv_hook_display_driver2....;..; General installation section..;....[mv2]..CopyFiles=mv2.Miniport, mv2.Display....;..; File sections..;....[mv2.Miniport]..mv2.sys....[mv2.Display]..mv2.dll......;..; Service Installation..;....[mv2.Services]..AddService = mv2, 0x00000002, mv2_Service_Inst, mv2_EventLog_Inst....[mv2_Service_Inst]....ServiceType = 1 ; SERVICE_KERNEL_DRIVER..StartType = 1 ; SERVICE_SYSTEM_START..ErrorControl = 0 ; SERVICE_ERROR_IGNORE..LoadOrderGroup = Video..ServiceBinary
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):10304
Entropy (8bit):6.601225217483284
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):16
Entropy (8bit):3.625
Encrypted:false
Malicious:false
Preview:setupdrv install
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with very long lines (396), with CRLF line terminators
Category:dropped
Size (bytes):1150
Entropy (8bit):4.872615036376876
Encrypted:false
Malicious:false
Preview:1. GRANT OF LICENSE:......RDV-Soft hereby grants Ultr@VNC Team -non-exclusive, royalty-free, worldwide, perpetual license to distribute, use the software product "Mirror driver" in binary form for their remote controle software. Ultr@VNC Team hereby grants the end-user the right to use and distribute the software product "Mirror Driver" with "Ultr@VNC"..... ....2. LIMITED WARRANTY......NO WARRANTY. To the maximum extent permitted by applicable law, We expressly disclaims any warranty for the SOFTWARE PRODUCT "Mirror Driver". The SOFTWARE PRODUCT "Mirror Driver" and any related documentation are provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability or fitness for a particular purpose...NO LIABILITY FOR CONSEQUENTIAL DAMAGES. To the maximum extent permitted by applicable law, in no event shall we be liable for any damages whatsoever (including, without limitation, damages for loss of business pro
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):81920
Entropy (8bit):5.9219061141523825
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):405
Entropy (8bit):4.932556842608647
Encrypted:false
Malicious:false
Preview:echo off..cd %~dp0....\utils\devcon.exe remove mv_hook_display_driver2 >> inst.log....\utils\devcon.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End....\utils\DIFxCmd.exe /u driver\mv2.inf >> inst.log..:End....sc stop mv2 >> inst.log..sc delete mv2 >> inst.log
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):28904
Entropy (8bit):6.117643529522381
Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:e+YCxM04ZZNXkvT4cTMUBZ17XM/Q3HUL+drIKumXOs:eULtXFULWfZ
                                                                                                                                                                                                                                                                                            MD5:87FC012C1B45E780B6CFF6C4F1677C3B
                                                                                                                                                                                                                                                                                            SHA1:C8EDB2EA85AE5EC17232F6E4CC5594AFB4805936
                                                                                                                                                                                                                                                                                            SHA-256:D09E57690C0E9D6FF7EF26C7DD85F2E6D19C8E7B36CC298AEBAE04B16D59CA45
                                                                                                                                                                                                                                                                                            SHA-512:9CD0590444B5FC79CDCD98196D43B027FA17091B49C5246CF9AE97128131BE851D7547BFB5896A2400045CE38901D74A61AEE2DE7D833B178CBDC6EFCC30CBAA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):193
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2470977727549695
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajs/dYV0K8G6Pm/mec99KfRFQi64hA3C:kid40K8GteerfUibA3C
                                                                                                                                                                                                                                                                                            MD5:1E14B5A16092F96F382E7CC1291A2B8B
                                                                                                                                                                                                                                                                                            SHA1:5CBD16AE4C6570AF42D6DC61C64AC2660FD88F60
                                                                                                                                                                                                                                                                                            SHA-256:D547136F9EDF4066EF4E59864EED1D45EEBAE7FBB338F0068C925B6E6212A0CE
                                                                                                                                                                                                                                                                                            SHA-512:1B5222F0F87C6C4A651868DFF84A7BB69A3C913257F0665DD955AF411AD9FC7D19AA1242F362BA676474CCEDDAC51D2B3A1AAEBA11BAEFEF899C6D5C0F083509
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..utils\devcon.exe update stdpms.inf *PNP09FF >> inst.log..reg add "HKLM\SOFTWARE\Splashtop Inc.\Splashtop Remote Server" /f /v "BlankScreenType" /t REG_DWORD /d 2 >> inst.log
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):207
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.345831283284553
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajs/dRLw0K8G6Pm/MWyec99KfRFQi64hA3C:kidm0K8GtfyerfUibA3C
                                                                                                                                                                                                                                                                                            MD5:0270238B2339619D2CC54585124D1ED3
                                                                                                                                                                                                                                                                                            SHA1:657F624CD74BADB8CB0186731FEDA17A997AD929
                                                                                                                                                                                                                                                                                            SHA-256:01D2B51A0E18924936C30611457CAD5C5CC2A803C4CFD45E0850A92F6C55B6D7
                                                                                                                                                                                                                                                                                            SHA-512:52A05F90023926CE9274C64CDE925C2C6055439201AF932459D4FED3D823D08164C76695FFEBA1763C4F9D76D52AAB2F86E230603E3DC2FB7664256E1856CFF8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..utils\devcon64.exe update stdpms.inf *PNP09FF >> inst.log..reg add "HKLM\SOFTWARE\Wow6432Node\Splashtop Inc.\Splashtop Remote Server" /f /v "BlankScreenType" /t REG_DWORD /d 2 >> inst.log
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8925
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.166871854157093
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:dBsB42FHECwUnYe+PjPGr9ZCApkT1rrZgjldrXa+v5lfr9mlv4:kB4UwUnYPL/p1P6j7Tmu
                                                                                                                                                                                                                                                                                            MD5:38BEB031E625E814CFA8F84CEEE2B8FF
                                                                                                                                                                                                                                                                                            SHA1:103C875EE0378BA5375A34E731FB2AFFC07939E1
                                                                                                                                                                                                                                                                                            SHA-256:D441726A3E82AF0DF1C60EDD17B753E59827789BC50E3E79FE957319085F9091
                                                                                                                                                                                                                                                                                            SHA-512:45DAD2545DB7B3A43DA22FB04518320BFE7E601AF053866253A52F887EE7C8919587AB11C448D335758BEFE2633D3D176B022F2E29D2B920F6164A6101F7CC41
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1897
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.40875279355006
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:jshokavrehezNkgyfROQ9gHwuMgHPgHh2v6YgFR:jMokCcakgMgyIMsAegn
                                                                                                                                                                                                                                                                                            MD5:A68830A694AB983F0CBF2CC735A535E8
                                                                                                                                                                                                                                                                                            SHA1:7C8238EF32BA39CD9C94DD05450A7DE0EDE145D4
                                                                                                                                                                                                                                                                                            SHA-256:6F5CA12FFDFF830B32F02AF03C7B385819CC07BB51AC72A20D69B9C51B2E4112
                                                                                                                                                                                                                                                                                            SHA-512:581478C5A9488227D0C56E34B7AE353C3FA7068D84023AEC14390B31D24B65BED82FD39590C5A7C4875AD25DEF17FC67ACC97C327D4282AD1E11DD9C260A714C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[Version]..Signature="$WINDOWS NT$"..Class=Monitor..ClassGUID={4d36e96e-e325-11ce-bfc1-08002be10318}..Provider=%splashtop%..DriverVer=06/19/2013,1.0.0.1..CatalogFile=stdpms.cat....[SourceDisksFiles]..stdpms.sys = 99....[SourceDisksNames]..99 = %DISK_NAME%,,,""....[SourceDisksNames.AMD64]..99 = %DISK_NAME%,,,64bits....[DestinationDirs]..DefaultDestDir = 10..CopyFunctionDriver = 12....[Manufacturer]..%splashtop% = Vendor, NTx86, NTAMD64....[Vendor.NTx86]..%splashtop.DeviceDesc%=stdpms.Inst, *PNP09FF....[Vendor.NTAMD64]..%splashtop.DeviceDesc%=stdpms.Inst, *PNP09FF....[stdpms.Inst]..CopyFiles=CopyFunctionDriver..AddReg=stdpms.AddReg....[stdpms.AddReg]..HKR,,DevLoader,,*ntkern..HKR,,NTMPDriver,,stdpms.sys..HKR,,Description,,%splashtop.DeviceDesc%....[stdpms.Inst.NT]..CopyFiles=CopyFunctionDriver....[stdpms.Inst.NT.Services]..Addservice = stdpms, 0x00000002, stdpms_Service_Inst....[CopyFunctionDriver]..stdpms.sys,,,2....[stdpms_Service_Inst]..DisplayName = %splashtop.SvcDesc%..ServiceTyp
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23272
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.296320987470735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:G7yGlvIydpSkgTyLAykFsAZNOhFB8LHFnYPL/p1P6j7rflo:KyGlvIydQkgTgQFJjrFumXflo
                                                                                                                                                                                                                                                                                            MD5:F44EC7AB90115F60EE5C89C40326E637
                                                                                                                                                                                                                                                                                            SHA1:01BEC4EA8173F191321300587142A6E750728854
                                                                                                                                                                                                                                                                                            SHA-256:C870FAFAD5C6DB27954C0440D9EFDDCE7B9C61D754EF0E77ABF18EFA1055DD90
                                                                                                                                                                                                                                                                                            SHA-512:17FD122441EB1B2DBEAD9D79E0B8DB2CB0D581B930DF140069BD77440AA4F9BF4DB80784F261F57253CF3351546817238AAC81B2D68DA74884C46D514C9A9EDA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):429
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.13651514908582
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:kWgfeVKfDFGjdCi4eGjdyE23B1047V1j47V1u477lLWNi:ZoDowvei8XRC4R94RQ4h9
                                                                                                                                                                                                                                                                                            MD5:F42F2B0F25E41755569A7775A5C6F8BA
                                                                                                                                                                                                                                                                                            SHA1:B630C60A3375309731B0B7AC33A9D6E12B44ED50
                                                                                                                                                                                                                                                                                            SHA-256:F026A21D6037169A81AC862A79E4F47C674B34914C1DED36BCDDB8739C838F46
                                                                                                                                                                                                                                                                                            SHA-512:8D9B9335D4767ACFCF651DB62B2B710CC9ECB402980D6A98982A1EA1C0A6F64FBA9762F2A44673CFE5749EE742F5FE68031FCFF968B4B4D2A290E74A0192375B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..reg delete "HKLM\SOFTWARE\Splashtop Inc.\Splashtop Remote Server" /v "BlankScreenType" /f >> inst.log..utils\devcon.exe /r remove *PNP09FF >> inst.log..utils\devcon.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End..utils\DIFxCmd.exe /u stdpms.inf >> inst.log..:End
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):447
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.223602249135668
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:kWgMyeVKfDFGjdd4eGjd0E23B1047V1j47V1u477DLWNi:Z3EDoQeiqXRC4R94RQ4P9
                                                                                                                                                                                                                                                                                            MD5:3ADA65DC27A4580E1CF3FDC58A4A8C79
                                                                                                                                                                                                                                                                                            SHA1:C1D8A0723FE1C586CEA434297CEF96E4E25C847D
                                                                                                                                                                                                                                                                                            SHA-256:21D46DA2DC3808664C0D6028271BE0EEAB25DEFE60653E481238EEE96273E609
                                                                                                                                                                                                                                                                                            SHA-512:B55E5E2CD2C1E48C526DEA70C075810F019942A72C2B0BBEF31E2DC8337B104ED5EB199AD6F0D8A16C6DFF3353193E647011A3E80762E47C9E7C13C6FCD4DBB4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..reg delete "HKLM\SOFTWARE\Wow6432Node\Splashtop Inc.\Splashtop Remote Server" /v "BlankScreenType" /f >> inst.log..utils\devcon64.exe /r remove *PNP09FF >> inst.log..utils\devcon64.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End..utils\DIFxCmd64.exe /u stdpms.inf >> inst.log..:End
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                            MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                            SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                            SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                            SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                            MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                            SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                            SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                            SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):77824
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                            MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                            SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                            SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                            SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):81920
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                            MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                            SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                            SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                            SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):207184
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.508603224700573
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:SJzsVxRROApObap+CPSxzqNJ3pvfsFMV2+/SRVDB:SEOb5x2NxqFMi
                                                                                                                                                                                                                                                                                            MD5:BDF578CA45021464EB4C5F2725FADE13
                                                                                                                                                                                                                                                                                            SHA1:17FD8DD28EBE232EDB4A7D5B4A9734D6F48212F3
                                                                                                                                                                                                                                                                                            SHA-256:F9711EC83463C8D7D8D3C2E0493BBDD9C55D55869AD49E327CC1F0612A836B51
                                                                                                                                                                                                                                                                                            SHA-512:611999852027F5E52A786F4C22A77AF75EE3ECB1584AC1F061100248D19AA1C45C31665A38A46604B1D489A049D3CE00EF43DA7A5E427A3A7C1A5EFA0D874526
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):214992
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.578816818366091
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:1yYZVBVmekQ5ncHc43wAmaxEJg3tNqYU51pQ8DfqXF7q9B24CvJ6BAQ:1y8Vf1uTHNqYUH+8GeMvJ4t
                                                                                                                                                                                                                                                                                            MD5:DDBCBCED9CCBA27D296B680D04178B1D
                                                                                                                                                                                                                                                                                            SHA1:5BE1EF49678E4F9250B675DFE595DF1219DD7EF9
                                                                                                                                                                                                                                                                                            SHA-256:B23B42E24EAB4E2F1DD94711EEC741F94D39F5EBAF238820A0B9D464522C24D2
                                                                                                                                                                                                                                                                                            SHA-512:B913058A50A4235925F208E9FA8740DDA1A070168285401FD9C9032C0CC782887F5D92A0D68796D7473E61EE8DDC1E863503C288CAD1F99C233A0DEDE37CB314
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):147280
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.480280521349599
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:Sooboos//G/jWDiNza6LR07qZ2bzl409+E/PXwCSp6WKsAqHew+1l7niE:SooyFiJRmbzl4mZYYqHz+1l7iE
                                                                                                                                                                                                                                                                                            MD5:4359D841792BD3A711065BD347503ED4
                                                                                                                                                                                                                                                                                            SHA1:ED3DA69B4DAAEE1E3C6A35B9B22A3608C210B845
                                                                                                                                                                                                                                                                                            SHA-256:D8BAC61DF2126D9203B3823AA40AF05FE7B6F9C5122DEBAB5F8CEADD1119773B
                                                                                                                                                                                                                                                                                            SHA-512:F1FB6B25199CDBD0C40CCCEB069CF3DC32DEEDC2F21C67CC8C22A189115389795B435631EEA30A94EDE19331FACF475A4BD7163522D9AD0EC1DF6118D1E05EAB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):160080
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.481630469427064
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:CizpEi8PNuoyZLy39r4BRyFr8Tjqe1LP+0hORlE:CUpX8FYFyB8T2oyRa
                                                                                                                                                                                                                                                                                            MD5:1E478E7F7D20800B958E2D1780C805F6
                                                                                                                                                                                                                                                                                            SHA1:F166DB5211F695BA039DC81C246653EC1B25DC02
                                                                                                                                                                                                                                                                                            SHA-256:9989C6791433F8B7FD05F4750F79F9082DBD28087948A366EA695EAC983150CD
                                                                                                                                                                                                                                                                                            SHA-512:852EFB6AE48B3C4BAD4B8E11DC46AAA4CA37A501AFD568B469BB9ED43A27086916588F370286DD1F51834037777C4D2518310A37A469AE7BE19CFE36F08A98D3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):194896
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.4942111692959354
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:0w8OfdMjstdIxIImJZDpwmw6jse70oSzhiVjkXIS1qPfb3PPqFSqQovoRe9C86/9:0w8wZDxspqPfbuSqQCoSz6/e1+1FiAx3
                                                                                                                                                                                                                                                                                            MD5:F0FCF6CB5986E267A978A0DF86471563
                                                                                                                                                                                                                                                                                            SHA1:214F4BB84F7A1981D30B7C4BC13C7B3E4A5CC8B3
                                                                                                                                                                                                                                                                                            SHA-256:34E4A968A87692DA8A2EF073ADD7E19F32009709B50F7C747D1D8BF261C21CBC
                                                                                                                                                                                                                                                                                            SHA-512:529DFD1E587BE6EA67B464C44CC7A0C1B0F6A9CD663590E7BD0083CC7A68DD8F60FC1E81E26012D71CF5C8BD5EFF4B2FB477D5DBEF3FFA1FF4136CE266B5DA6F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):245584
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.433639873152362
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:0w+rqKMvEZF6VPvVpb1eTjLp8D3qkTmII9b9zC+l+smDP00IPWx2Wuw:0drWgFEPNB+MPTHIWjP00Ie3
                                                                                                                                                                                                                                                                                            MD5:FE4F22128776F52062DD8FA74D0B5075
                                                                                                                                                                                                                                                                                            SHA1:3A15B1AD0B5D62D474319A3DB95D985B49537BF1
                                                                                                                                                                                                                                                                                            SHA-256:EC4D01234426AAC9FF2751B209B0484769BEE97A0DC930B1B56A1743CD24B805
                                                                                                                                                                                                                                                                                            SHA-512:163A78CB59061B4B9BE98DC763109744BBBEEDAF8B3CB7EB19A22334AC1F9223880C0E8684FEB4B363C824D9918E72E1B94D5F76AD63235F8C49ADEFC3713637
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):238928
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.071067596161183
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:OG9NqQQHPItXExQNj+mB92u+CW5D37LnuHc45X0T5/uyFNJpfUarTtBB:99AP2b+mBQVJLnYlETtug5T
                                                                                                                                                                                                                                                                                            MD5:2A397EFDA6D84A15B890D56D4292BA6E
                                                                                                                                                                                                                                                                                            SHA1:F985E4893119E6C30191DE84DA25059B33F902A8
                                                                                                                                                                                                                                                                                            SHA-256:398AEC7557E2E1DB30EFCA6FDA0D7D23940B863B396C1A4FC2BB588294F595E6
                                                                                                                                                                                                                                                                                            SHA-512:A199C2FF26C3A3E1DA54D8386F568FA900B853FE3D3754100904EF3153CD72D672971FF72141D9AE5F5BC467D59E2DDC69856C761BBA9DA4488FC69F52A9E5E0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):249168
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.2058943183487445
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):237008
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.30179636306813
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):168784
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.240155377344884
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):187216
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.244838939180771
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):244560
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.236867435454928
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):333136
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.120290709944056
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):273232
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8361644522698635
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:7j4c/JPjXOQTuGkfIpmWpnETJLnYlETtu/:7j4cBbEZTTJDY+0
                                                                                                                                                                                                                                                                                            MD5:C52E66AE497C51CF73098D494EEBF8F0
                                                                                                                                                                                                                                                                                            SHA1:8E7E38F30FAD35D8ED935B14FFA1BB5A9EABE4D0
                                                                                                                                                                                                                                                                                            SHA-256:F6F7D5C20A078BE7ABD2402316A605F050388C6303D7F3ABC45F201D1FC5F1FD
                                                                                                                                                                                                                                                                                            SHA-512:579E0DD63720B6D004FFBE6AE1686F43B70CEB8722DAC70FD06E5B06682C0F22282374D5394C06398252A2EA8163EA884239A8065EC5807DE1A9389A479CFC36
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):867
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.162389785193304
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:k8rGqwAcK/EyAZRVowyyAcK/E2kam0LYDeegidym0EZkBqq6JFpYpFSqq6JFrmp5:XrWWFwD7WR8mI/xOZE
                                                                                                                                                                                                                                                                                            MD5:013784DA9890EAB3D914505857EDF2B7
                                                                                                                                                                                                                                                                                            SHA1:92C9CA11174E98F65AD6898705176ED50EF55F95
                                                                                                                                                                                                                                                                                            SHA-256:CDA5DEBA2BE6CFE1E111DF596AC08D45762A96B14AEC796C4E70F128C0734EAC
                                                                                                                                                                                                                                                                                            SHA-512:9D71BEE329BDDA3B8EA064BB92813062D91079BA841AE50D6CC7D2AEAD27D49279D2857141C02BD5FA565D5C497E9E8E8163579A425F7C87550F1F0EFC194652
                                                                                                                                                                                                                                                                                            Malicious:false
Preview:
echo off
cd %~dp0
utils\PrnPort.exe /a >> inst.log
rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"
rundll32 printui.dll,PrintUIEntry /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"
rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"

for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (
    reg add "HKLM\SOFTWARE\Splashtop Inc.\Splashtop Remote Server" /f /v "PrinterINFa" /t REG_SZ /d "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log
    IF NOT EXIST "%ProgramData%\Splashtop" mkdir "%ProgramData%\Splashtop"
    IF NOT EXIST "%ProgramData%\Splashtop\Temp" mkdir "%ProgramData%\Splashtop\Temp"
    ECHO Found "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log
)
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):879
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.190136582088596
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:k8rGqwAcK/EyAZRVowyyAcK/E2kam0LYDfyegidym0EZkBqq6JFpYpFSqq6JFrm7:XrWWFwD7WR8fCI/xOZE
                                                                                                                                                                                                                                                                                            MD5:0A0EE03D0C51915B2815280B476530F4
                                                                                                                                                                                                                                                                                            SHA1:6C074D8E0D462B6E6D0CC5C02BABB88D483E3551
                                                                                                                                                                                                                                                                                            SHA-256:C3FB7578267FA09C4446C926532FD869DD8E74CD20AF2915BBEE32DB4D647C9D
                                                                                                                                                                                                                                                                                            SHA-512:85EC5D2898892F847618D7A10D7DD680839A3D0E55603D56C5C39568E8D7B0F63F7A10BF4B063611B9ECD395BD73B89010B421ADD481CDBEF0A50B3770A9C9F8
                                                                                                                                                                                                                                                                                            Malicious:false
Preview:
echo off
cd %~dp0
utils\PrnPort.exe /a >> inst.log
rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"
rundll32 printui.dll,PrintUIEntry /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"
rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"

for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (
    reg add "HKLM\SOFTWARE\Wow6432Node\Splashtop Inc.\Splashtop Remote Server" /f /v "PrinterINFa" /t REG_SZ /d "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log
    IF NOT EXIST "%ProgramData%\Splashtop" mkdir "%ProgramData%\Splashtop"
    IF NOT EXIST "%ProgramData%\Splashtop\Temp" mkdir "%ProgramData%\Splashtop\Temp"
    ECHO Found "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log
)
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):214
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.631936044721133
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:Hjsm6y9jcK/ES2d6y9jcKZS2bVXzLYwkrnRS2n:DWAcK/EyAcKZRVowyh
                                                                                                                                                                                                                                                                                            MD5:88E59700F53DE95D2847B9687764BE30
                                                                                                                                                                                                                                                                                            SHA1:CD5780DBF1C711B9C28DC001F4149BA3251BECF7
                                                                                                                                                                                                                                                                                            SHA-256:B085F4E0D6A7A4DC967C96D7C318CB749BC497135FD9E35D7AD0C88E6C53F577
                                                                                                                                                                                                                                                                                            SHA-512:6E7D2FD4CF87B63BAB39E225362ECBE60F52FAB0DA42C97834B8EA59D653CDBD06B98E2C490C5465B1999AF2F7869F729CBFC34E55D5ECC768D85D48B9874374
                                                                                                                                                                                                                                                                                            Malicious:false
Preview:
cd %~dp0
rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"
rundll32 printui.dll,PrintUIEntry /q /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):203
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.068283784998216
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:mKDDQFGCTWYdym6F9K2MLgZ+X0KcK/F+N7oaf/DEd7/JQF9K2MLgZ+X0KcK/FvK2:hsICTJ6y9jcK/ePD0Sy9jcK/ES2uz
                                                                                                                                                                                                                                                                                            MD5:FA3C191799254E542687F1F5D0974BC5
                                                                                                                                                                                                                                                                                            SHA1:DC85AAC2AA31CD3DE9017E7E099581457AD4FBF2
                                                                                                                                                                                                                                                                                            SHA-256:347B12E6E2FC79E2A3668625341D7642D531159FFE5B01AB2BC5469E0EFC6B3F
                                                                                                                                                                                                                                                                                            SHA-512:635689814E63084910541BA68FE8ADE8FDFBC3D0100AFD61DDD13D07E61F3478BA75E4D24AA7B26DF21A3E46C4ED2B1C8789520C5634CAC63CFE32DCB1E8686E
                                                                                                                                                                                                                                                                                            Malicious:false
Preview:
@echo off

IF [%1] == [] GOTO RunDefault

rundll32 printui.dll,PrintUIEntry /q /dl /n %1
GOTO :EOF

:RunDefault
    rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"
    GOTO :EOF
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17908
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.33935778048778
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:fNDJbjaXGStblM2wk0mev6/9IDRfupdYpJIBbIgx+4lMrp2/CsECw8nYe+PjPVhc:n3dw75xa1Sw8nYPLVhtOUez
                                                                                                                                                                                                                                                                                            MD5:2DAC6568B843EBDC5C98598CA32918BE
                                                                                                                                                                                                                                                                                            SHA1:E7740E4BE7F71A82ADBB6E5224D33534E237614C
                                                                                                                                                                                                                                                                                            SHA-256:EB61A0E06BF8C69597F9BB1909E3EB4F926E49800C3F9721FDA3007993DA5EE7
                                                                                                                                                                                                                                                                                            SHA-512:1BC8AA82E68911F5EE1835D19CF49A736C1C35C2F6B4FCD48C3C6FCF7FF6958400D1E815C5E891E172AF9035232175BB00E8A21F5A0590F02DC683F45A6C3D8B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2793
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.507689832444162
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:JQUio6uDhMM/s4244P8/CW2T8/C0kApvgJCrC1sJCr+6pqEsXncT9tuhcOYEZ53t:JQUiRKhMostT9Ap4sr4ssraXx
                                                                                                                                                                                                                                                                                            MD5:313535621266212971E303AF0AF4FE21
                                                                                                                                                                                                                                                                                            SHA1:D81F9D3F7B638DE5EFCA0ECB0162A76485E2C2BF
                                                                                                                                                                                                                                                                                            SHA-256:0B60A283CB98034CEE13118BF1F885A644479CC6F4B19D9E4D24A5FEC6064A1F
                                                                                                                                                                                                                                                                                            SHA-512:8A1A716A2CAD85410F009EE0CDF570F4CA36E3A182927CA5B836F3FC0BEE466F0C4E8B583694A6A4014CE60C45A2439119BF0C1ADDA0ED168053E9F08A6DF608
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[Version]..Signature="$Windows NT$"..Provider=%splashtop%..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Class=Printer..DriverVer=04/19/2019,10.0.10012.16386..CatalogFile=stprinter.cat....[Manufacturer]..%splashtop%=Vendor,NTx86,NTamd64,NTx86.6.0,NTamd64.6.0....[Vendor.NTx86]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_PRE_VISTA....[Vendor.NTamd64]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_PRE_VISTA....[Vendor.NTx86.6.0]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_VISTA....[Vendor.NTamd64.6.0]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_VISTA....[INSTALL_XDSMPL_FILTERS_PRE_VISTA]..CopyFiles=XPSDrvSample,ConfigPlugin,COLORPROFILES..DriverFile=mxdwdrv.dll..PrintProcessor="MS_XPS,filterpipelineprintproc.dll"..ConfigFile=UniDrvUI.dll..HelpFile=UniDrv.HLP..DataFile=XDSmpl.GPD..Include=NTPRINT.INF, MSXPSDRV.INF..Needs=UNIDRV.OEM, XPSGPD.OEM, XPSDRV.OEM....[INSTALL_XDSMPL_FILTERS_VISTA]..CopyFiles=XPSDrvSample,ConfigPlugin,COLORPROFILES..DriverFile=mxdwdrv.dll..Confi
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2543
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.42985763446162
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2uMRFNu4TMlWaDqFNQ29ZNlV2MK712DJNzaMR1X2kKJzgSZwlQXV2MK71euV2MKc:QFQ4ShC66ZLq7UAq7zq7o
                                                                                                                                                                                                                                                                                            MD5:C228BF417378FD98E4229A2BA3054CAE
                                                                                                                                                                                                                                                                                            SHA1:175CCDA93EF8EDBFAB2F1BE507F64690FE5BECE9
                                                                                                                                                                                                                                                                                            SHA-256:1DFD5E0AD2765E39A614EF56603A749C095DDC00E6F50079CDDDA8E18159E73B
                                                                                                                                                                                                                                                                                            SHA-512:6F9D65AA46B702E55D34532A37B33993AD53AB305679768F419A74B8CE2EF8C494CC877606C3C663545111F1189CE4456798D465C1A5EB4F7B6708DEB2A6B719
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..ECHO -- uninstall start >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found Backup [%%a] >> inst.log.. SET STPRINTERREGBAK=%STPRINTERREGBAK% %%a..)....rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..utils\DIFxCmd.exe /u stprinter.inf >> inst.log..utils\PrnPort.exe /d >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found [%%a] >> inst.log.. ::Remove cab.. del /F /Q "%WINDIR%\System32\spool\drivers\w32x86\PCC\%%a.cab" >> inst.log.. ::Remove inf.. del /S /F /Q "%WINDIR%\System32\DriverStore\FileRepository\%%a" >> inst.log.. ::Remove reg.. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation\Windows NT x86\DriverPackages\%%a" /f >> inst.log..)....::Remove all files..del /F /Q "%WINDIR%\System32\spool\drivers\w32x86\3\xdbook.dll"..del /F /Q "%
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2513
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.408021383480619
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2uMRFNu4TMlWkDqFNQ4ZNlV2MK71AynXV2MK71euV2MK7153w3uV:QFQ4SDC64ZLq7xq7zq7Z
                                                                                                                                                                                                                                                                                            MD5:DB05A3CA2E7604DC2E29A922A4545075
                                                                                                                                                                                                                                                                                            SHA1:0430C36BD56EAC3F65E0060CE91DC60E31F822C5
                                                                                                                                                                                                                                                                                            SHA-256:9E0BD257BFE859F462EEE9E0F1DC20768425F73C9E90B0F7F5EE450726FBB56F
                                                                                                                                                                                                                                                                                            SHA-512:9FDD486F4F7F5D1ED3CBEF4A2246416F88643E27E76D79A433E5450D8790BA264C3219555A0CB57602BC2E3F884C1E1449EA0688D59355D68E23DBE9499F8B60
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..ECHO -- uninstall start >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found Backup [%%a] >> inst.log.. SET STPRINTERREGBAK=%STPRINTERREGBAK% %%a..)....rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..utils\DIFxCmd64.exe /u stprinter.inf >> inst.log..utils\PrnPort.exe /d >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found [%%a] >> inst.log.. ::Remove cab.. del /F /Q "%WINDIR%\System32\spool\drivers\x64\PCC\%%a.cab" >> inst.log.. ::Remove inf.. del /S /F /Q "%WINDIR%\System32\DriverStore\FileRepository\%%a" >> inst.log.. ::Remove reg.. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation\Windows x64\DriverPackages\%%a" /f >> inst.log..)....::Remove all files..del /F /Q "%WINDIR%\System32\spool\drivers\x64\3\xdbook.dll"..del /F /Q "%WINDIR%
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                            MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                            SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                            SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                            SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                            MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                            SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                            SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                            SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7680
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.202360830491015
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:6HbQ34Dthj/wKzGMdCprD4iZ7F+gUABoTndoIvJJGtVAm6XyC7tCEqqb:6Hs4thgNDZ7F+gvqdHvJJ4VR6XPnb
                                                                                                                                                                                                                                                                                            MD5:B6CA717203EF9E8DD1205CAC5D3AF38F
                                                                                                                                                                                                                                                                                            SHA1:818438149A92551042A5D2ABD9000DBE67D93C67
                                                                                                                                                                                                                                                                                            SHA-256:66986A04FDEF120D7F18351648A8737979DFAA3CA82F6504B3EA14F45BEC130C
                                                                                                                                                                                                                                                                                            SHA-512:99D21F55B7E754A2D6063BE9302874D757344893CB496F574C2DB7F124071C361894508BADF7137B17A572EF9792F7E3B3C21292250D76CD33B9863D52A300D6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):216416
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.5890891928333435
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:8JzsVxRROApObap+CPSxzqNJ3pvfsFMV2+/SRVxy8iK:8EOb5x2NxqFMaP
                                                                                                                                                                                                                                                                                            MD5:D57E38A511B607A79307F6966D5F862A
                                                                                                                                                                                                                                                                                            SHA1:7F66DC176D9BDE0715A9050CAD9BA91785F7B192
                                                                                                                                                                                                                                                                                            SHA-256:EF3A7B03F011CBAD96F503BF12BD151B97BAE1EACC700A7F352D175CCFDDB969
                                                                                                                                                                                                                                                                                            SHA-512:72DF85067747090A20441F052796F5BCED00B4F8268568F14646A0C5A0CCD27DC87C9AFEEC689178F885CEDEE0636D61F238F36348F66E7D2EE940D09130C2C1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):214992
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.578816818366091
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:1yYZVBVmekQ5ncHc43wAmaxEJg3tNqYU51pQ8DfqXF7q9B24CvJ6BAQ:1y8Vf1uTHNqYUH+8GeMvJ4t
                                                                                                                                                                                                                                                                                            MD5:DDBCBCED9CCBA27D296B680D04178B1D
                                                                                                                                                                                                                                                                                            SHA1:5BE1EF49678E4F9250B675DFE595DF1219DD7EF9
                                                                                                                                                                                                                                                                                            SHA-256:B23B42E24EAB4E2F1DD94711EEC741F94D39F5EBAF238820A0B9D464522C24D2
                                                                                                                                                                                                                                                                                            SHA-512:B913058A50A4235925F208E9FA8740DDA1A070168285401FD9C9032C0CC782887F5D92A0D68796D7473E61EE8DDC1E863503C288CAD1F99C233A0DEDE37CB314
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):156512
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.590357914627137
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:Wooboos//G/jWDiNza6LR07qZ2bzl409+E/PXwCSp6WKsAqHew+1l7nkrZg8iE:WooyFiJRmbzl4mZYYqHz+1l7ki8iE
                                                                                                                                                                                                                                                                                            MD5:C892519FE8AE2163C1368579EEC134F3
                                                                                                                                                                                                                                                                                            SHA1:D5C75AABEDAD20373E7CA40CAF5C986C850974BE
                                                                                                                                                                                                                                                                                            SHA-256:B8C8B0F1DB2CEA6FAB3EEE350143BC677DA3A1E4B246325852B8A0B94A4A77D4
                                                                                                                                                                                                                                                                                            SHA-512:7A2C0C78237E8528AD691D2F7377D33FFCCA06925359CAD0B787DF919A81EDDCB9296F1EE446BDE83CECF3520A070E72BE7956838BD1337987B422127121E093
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):169312
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.584431984131001
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:XizpEi8PNuoyZLy39r4BRyFr8Tjqe1LP+0hORTj8i0K:XUpX8FYFyB8T2oyREtK
                                                                                                                                                                                                                                                                                            MD5:4FFADA79BA20A933429F72D3B8CF61D9
                                                                                                                                                                                                                                                                                            SHA1:77E7346EF7E7A31A8000150B4B0E4B21CA3BF381
                                                                                                                                                                                                                                                                                            SHA-256:0FF6DD54C4DC7368BD7BAEFFA8CBD294DB31AA318F8F0FBD9088C15B61EB8854
                                                                                                                                                                                                                                                                                            SHA-512:839ABEBEF1A76D168043C8DDFB6B8DF958CA89C3DF602B5B538EB6398332E785C4B0359CB6DF557252BD1191BCAC5C1E1AED6942D2848B5C898BA2FC8EF8D0B7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):204128
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.5795919533739005
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:9w8wZDxspqPfbuSqQCoSz6/e1+1FiATl8i9:fw3owojmVW0
                                                                                                                                                                                                                                                                                            MD5:B4AD99DFCCB67C77F6C8E142EE5AD5BA
                                                                                                                                                                                                                                                                                            SHA1:D10B7BE8A5C339185B8E409D4C0BE2103230BAA0
                                                                                                                                                                                                                                                                                            SHA-256:5A280F84B70F41D90B122DBC8E8FCBDA414353CC5C87580FA30B3B51B7696207
                                                                                                                                                                                                                                                                                            SHA-512:EEBC321D90737E161B452D6E27398D1CC1D4737DBE90F7FE5C407C1732178E30CD87228FB0C8B6C6F3B118DC7E46985D231F3059996452861BFCA1AD4A098077
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):254816
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.5058723884762335
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:kw+rqKMvEZF6VPvVpb1eTjLp8D3qkTmII9b9zC+l+smDP00IPWx2wUj8ii:kdrWgFEPNB+MPTHIWjP00IedH
                                                                                                                                                                                                                                                                                            MD5:BB8D8CE6F052BE2BA3A39768528B88C6
                                                                                                                                                                                                                                                                                            SHA1:0C2D48F22C7231C52C9FDDD35120E971ABA05EC4
                                                                                                                                                                                                                                                                                            SHA-256:B61BA88D2BB36A0A56F00C455BBC530703415F176B5715E9D24FAB82CC935140
                                                                                                                                                                                                                                                                                            SHA-512:EF3CED636733BCF45CE4E1D21D33F50945D6FFE2A5478A19D538A30C3071E5F78D539B0E3718EEAF404614EEE182E60AE3697E499C0D7EC769D272CD5B58CCA9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):248160
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.1098745205591625
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:AG9NqQQHPItXExQNj+mB92u+CW5D37LnuHc45X0T5/uyFNJpfUarTtvU8il:f9AP2b+mBQVJLnYlETtug5jw
                                                                                                                                                                                                                                                                                            MD5:62945189F63210AFE22EC07C93A323C2
                                                                                                                                                                                                                                                                                            SHA1:ADEE11D641B6BC9E9F46B95388680D291C795A33
                                                                                                                                                                                                                                                                                            SHA-256:DD36F7448202BB06C634DD18F911B830615B61E9849900C7DCD92B1157F2C671
                                                                                                                                                                                                                                                                                            SHA-512:B62D7E7668F2E02330690D373EFB815FBBBD12E771FDB4EA46EDA8386AB8A969DB40158132F8C15ACA65C87CDF8920D46075055BB9B73DF42FD49777DF7EB6BD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):258400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.288592681682295
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:I3LIl4XgsSVloTnPYdn7lJZRZ8QXqsJ3H+:IUlJVmgh5asJ3+
                                                                                                                                                                                                                                                                                            MD5:372C4A2430E2BF3E0A3C0D51996ADEA5
                                                                                                                                                                                                                                                                                            SHA1:F6F2F8D750D08BE940AE2B655804C106E9C7491D
                                                                                                                                                                                                                                                                                            SHA-256:FE632C826ABA5F694DE6684506B72BDECBFD712E9DE2ACDDDE1F2C880EE2646B
                                                                                                                                                                                                                                                                                            SHA-512:C017A180893D39463068DA5DF647D959603CEE7979CA420963FEF9D09309FCA0B744D7268DC2A0FC4AFCD41F912714CF14003CC9AC5FB6A033AA91962E9981C3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):237008
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.30179636306813
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:B+2HsTNg3ex5PUwoEK2dvK7PnGxOkf9V3QhjTvI9Nle9owmPDXpUIJonb:BDHsT2qvoEKMAGxOkVJQhjTAEgY
                                                                                                                                                                                                                                                                                            MD5:7DD3CA728E061F9C438209935DF41FD8
                                                                                                                                                                                                                                                                                            SHA1:D291C17619FB2E9B8A4CF07B53A56DC60CFB4C8E
                                                                                                                                                                                                                                                                                            SHA-256:F19F300E4623E3B57F870D8E4B150F2E70D29E6CB47750671D53667BB0804202
                                                                                                                                                                                                                                                                                            SHA-512:E7D0AB0EB37F6B245B1EBDE46C2D9184AB801EB659E4F4ED7C2AFD07843A1646612290AD3C315EE9BF7FC1A9425B58E2A03810014DDBB621EB46B331AA2E753E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):178016
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.354805848687379
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:X0fRIF+SwIL9Bagg2mCEPToX/ITpu0uOpDSgb2WXa+qubG8iu:EfaCIJbglCe1Vu0uIDSlWtf
                                                                                                                                                                                                                                                                                            MD5:D16039589730B0C6E6B5227C041FB1B4
                                                                                                                                                                                                                                                                                            SHA1:F8F942DBB62CBC15F7ED0BE8750C9C564638FBF8
                                                                                                                                                                                                                                                                                            SHA-256:ACA0DF6F5EB1DE40506943B30BBDA614F886523C093F5C9A3587C3E1161F0DF0
                                                                                                                                                                                                                                                                                            SHA-512:35ED0D4AD06E4979970CA2AD58B81735E50AAB755605216BB059EBE698B82F6C627F5F7E29ADC9FB3BC58C7EFB4E8ACA2B323F2E2813D4EA7EE39363DE0E1D64
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):196448
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.349185940783631
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:lSUAV0AVZrAVOVrHYapV5Ddr1oxkg9gh0CBEACcodM5nY+WVFGoEM8ip:AvPb6OVrVNJ1ufqBEACjG/Y
                                                                                                                                                                                                                                                                                            MD5:A88901EB863EC013B461A84DACB4C795
                                                                                                                                                                                                                                                                                            SHA1:40303F44732A2C8DBEAF4EC13CD32FCED66D8F8A
                                                                                                                                                                                                                                                                                            SHA-256:FF295F8914F76DFE707455FE633BFC42B805BB4D3274C2290E1E5D56A383E969
                                                                                                                                                                                                                                                                                            SHA-512:92BD7F2CE6DB83A744972503B4352ADC210FE10C0BDC026F953A925361365E95B79A4A1CEF3677266AE7178FAC24AA64A353115362E987F1DFD84BA38A6F9B25
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):253792
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.319719994714089
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:NuctDSdRbMOiymM/Cufn5B+1jowgreeTwcV1:NqXMOFmA5VwgBEg1
                                                                                                                                                                                                                                                                                            MD5:668A98269B12A2C17E39137AC8D7B716
                                                                                                                                                                                                                                                                                            SHA1:E438E9031338158FE70B9D7821200DC4929380CA
                                                                                                                                                                                                                                                                                            SHA-256:200D323E0842ABC93E22F6D475928AB0DAC6AA9F3824CF8E729E8049852AC54A
                                                                                                                                                                                                                                                                                            SHA-512:E2E425489A084022AE23AF65D4869B24A247E3159DA5ED4E31B0CDB11C0BE30AF9EEA12ECF68F9C8269B60ECC1BB489F3EFDE00F4F8885AA2631EFAB3E54BCBC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):342368
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.187004427741537
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:T7NLhV1jxjcVfgFf6QlJpYw4MxuiMRZI7CPdxV4eZ+PyRPP00I7Q:T71j1aVfgFiQ/ug/GMQ
                                                                                                                                                                                                                                                                                            MD5:96BDC666BCD7D432D6C7D4170C8E6046
                                                                                                                                                                                                                                                                                            SHA1:1B705A191731ECA3369435D9906C8275C5D326C2
                                                                                                                                                                                                                                                                                            SHA-256:DC4C32919B533A79D9EA76BDE59975DD149AA9C7B7278B076019C080A3A97C56
                                                                                                                                                                                                                                                                                            SHA-512:DDD9E42633F98A7E5F6F7E3E4571815F9D80EA16084B23A82DBE22E929FD6F0BD791EB3DFA7BB229D73D101C66077C99FE47A5CEAB1DF6917A6E4DF209853162
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):282464
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.880530047125276
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:tj4c/JPjXOQTuGkfIpmWpnETJLnYlETtuwv:tj4cBbEZTTJDY+jv
                                                                                                                                                                                                                                                                                            MD5:F26D954E0F23049CAA4F698934DB5371
                                                                                                                                                                                                                                                                                            SHA1:B0FC39DFF9871778A767B95F0D1CD6E56F939071
                                                                                                                                                                                                                                                                                            SHA-256:186500D4E31ADF5FA2DC02F112EDE6FCA86C1BC48731EA224CFE83C160ABD1CD
                                                                                                                                                                                                                                                                                            SHA-512:BF79667EC9E85FCC6214BB8B3352DCF4B43A042708F471C293B507574A446D938C4E5981C6E9FA4E81AF98A91B6A72CB678F06B91E064F3FCA48744DC0DFF94F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):870
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.164710229415834
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:kcrGqwAcK/EyAZRVowyyAcK/E2kam0LYDeegidym0EZkBqq6JFpYpFSqq6JFrmp5:BrWWFwD7WR8mI/xOZE
                                                                                                                                                                                                                                                                                            MD5:50B0957220D10275274CAC025EAA6883
                                                                                                                                                                                                                                                                                            SHA1:8F677ED1CD73A05F634AA06AD6BED1DA4C6BD80F
                                                                                                                                                                                                                                                                                            SHA-256:B76D74AEC705A3F9FD055307A966777ADB279FB06D03524C992E608FE73AEB22
                                                                                                                                                                                                                                                                                            SHA-512:C62DAAC3AC516500D819718BF5697D948B6EB684276A21A80E6E9C26FE5F1D0593D7FE281702D3BC48D2A1897B0EB7BD910CEE0978950C0F6636FB86E72B6BD3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....\utils\PrnPort.exe /a >> inst.log..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. reg add "HKLM\SOFTWARE\Splashtop Inc.\Splashtop Remote Server" /f /v "PrinterINFa" /t REG_SZ /d "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log.. IF NOT EXIST "%ProgramData%\Splashtop" mkdir "%ProgramData%\Splashtop".. IF NOT EXIST "%ProgramData%\Splashtop\Temp" mkdir "%ProgramData%\Splashtop\Temp".. ECHO Found "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log..)..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):882
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.192332970304343
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:kcrGqwAcK/EyAZRVowyyAcK/E2kam0LYDfyegidym0EZkBqq6JFpYpFSqq6JFrm7:BrWWFwD7WR8fCI/xOZE
                                                                                                                                                                                                                                                                                            MD5:16BBC22B18C5325649C98DD02F3DDDBF
                                                                                                                                                                                                                                                                                            SHA1:B6F97171D20CBC84DEDB07C304F92B25B5A08450
                                                                                                                                                                                                                                                                                            SHA-256:8C3BED319076C7B27FB5D9CD7DCE31E8EE09624E191BC3D709962426FB12951A
                                                                                                                                                                                                                                                                                            SHA-512:293E8BF93A22021FD80AA95A30965287BF40F5030DA457BC16D004E86C3B3FF8983DA8C0D743A42F1CBF935A2EB8E1CB5FCB488914B51330686B2C60BD1C71B9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....\utils\PrnPort.exe /a >> inst.log..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. reg add "HKLM\SOFTWARE\Wow6432Node\Splashtop Inc.\Splashtop Remote Server" /f /v "PrinterINFa" /t REG_SZ /d "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log.. IF NOT EXIST "%ProgramData%\Splashtop" mkdir "%ProgramData%\Splashtop".. IF NOT EXIST "%ProgramData%\Splashtop\Temp" mkdir "%ProgramData%\Splashtop\Temp".. ECHO Found "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log..)..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):214
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.631936044721133
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:Hjsm6y9jcK/ES2d6y9jcKZS2bVXzLYwkrnRS2n:DWAcK/EyAcKZRVowyh
                                                                                                                                                                                                                                                                                            MD5:88E59700F53DE95D2847B9687764BE30
                                                                                                                                                                                                                                                                                            SHA1:CD5780DBF1C711B9C28DC001F4149BA3251BECF7
                                                                                                                                                                                                                                                                                            SHA-256:B085F4E0D6A7A4DC967C96D7C318CB749BC497135FD9E35D7AD0C88E6C53F577
                                                                                                                                                                                                                                                                                            SHA-512:6E7D2FD4CF87B63BAB39E225362ECBE60F52FAB0DA42C97834B8EA59D653CDBD06B98E2C490C5465B1999AF2F7869F729CBFC34E55D5ECC768D85D48B9874374
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:cd %~dp0..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /q /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):203
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.068283784998216
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:mKDDQFGCTWYdym6F9K2MLgZ+X0KcK/F+N7oaf/DEd7/JQF9K2MLgZ+X0KcK/FvK2:hsICTJ6y9jcK/ePD0Sy9jcK/ES2uz
                                                                                                                                                                                                                                                                                            MD5:FA3C191799254E542687F1F5D0974BC5
                                                                                                                                                                                                                                                                                            SHA1:DC85AAC2AA31CD3DE9017E7E099581457AD4FBF2
                                                                                                                                                                                                                                                                                            SHA-256:347B12E6E2FC79E2A3668625341D7642D531159FFE5B01AB2BC5469E0EFC6B3F
                                                                                                                                                                                                                                                                                            SHA-512:635689814E63084910541BA68FE8ADE8FDFBC3D0100AFD61DDD13D07E61F3478BA75E4D24AA7B26DF21A3E46C4ED2B1C8789520C5634CAC63CFE32DCB1E8686E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:@echo off....IF [%1] == [] GOTO RunDefault....rundll32 printui.dll,PrintUIEntry /q /dl /n %1..GOTO :EOF....:RunDefault...rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"...GOTO :EOF
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):19851
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.774813122930257
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:UelM68cpgw3otOCxH50u4RkeelMpSfpd/CJHJ2elMSJfApwtNJKGT1hvJNMvIqvQ:EWtO5smIwg9Zh3q8pUclGNbc
                                                                                                                                                                                                                                                                                            MD5:1D56A3F8D7F5DAB184A8CC4FEDDAA173
                                                                                                                                                                                                                                                                                            SHA1:75D291CB96FDC05D54C962F1CB08796EE439B22F
                                                                                                                                                                                                                                                                                            SHA-256:84E1A32B4975E92477CF6A36D8931921DA735EF988E0C09A2B056F2904541B1E
                                                                                                                                                                                                                                                                                            SHA-512:FB58167A98D9309A703F06D5C6414AB707B37E90A26BFC1C0812B10381C116FA6C7C26AC30FC8570B8F87186775BC64E7AF6D409A7D213FC3B4B76B0B7A76FB6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2793
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.507689832444162
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:JQUio6uDhMM/s4244P8/CW2T8/C0kApvgJCrC1sJCr+6pqEsXncT9tuhcOYEZ53t:JQUiRKhMostT9Ap4sr4ssraXx
                                                                                                                                                                                                                                                                                            MD5:313535621266212971E303AF0AF4FE21
                                                                                                                                                                                                                                                                                            SHA1:D81F9D3F7B638DE5EFCA0ECB0162A76485E2C2BF
                                                                                                                                                                                                                                                                                            SHA-256:0B60A283CB98034CEE13118BF1F885A644479CC6F4B19D9E4D24A5FEC6064A1F
                                                                                                                                                                                                                                                                                            SHA-512:8A1A716A2CAD85410F009EE0CDF570F4CA36E3A182927CA5B836F3FC0BEE466F0C4E8B583694A6A4014CE60C45A2439119BF0C1ADDA0ED168053E9F08A6DF608
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[Version]..Signature="$Windows NT$"..Provider=%splashtop%..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Class=Printer..DriverVer=04/19/2019,10.0.10012.16386..CatalogFile=stprinter.cat....[Manufacturer]..%splashtop%=Vendor,NTx86,NTamd64,NTx86.6.0,NTamd64.6.0....[Vendor.NTx86]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_PRE_VISTA....[Vendor.NTamd64]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_PRE_VISTA....[Vendor.NTx86.6.0]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_VISTA....[Vendor.NTamd64.6.0]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_VISTA....[INSTALL_XDSMPL_FILTERS_PRE_VISTA]..CopyFiles=XPSDrvSample,ConfigPlugin,COLORPROFILES..DriverFile=mxdwdrv.dll..PrintProcessor="MS_XPS,filterpipelineprintproc.dll"..ConfigFile=UniDrvUI.dll..HelpFile=UniDrv.HLP..DataFile=XDSmpl.GPD..Include=NTPRINT.INF, MSXPSDRV.INF..Needs=UNIDRV.OEM, XPSGPD.OEM, XPSDRV.OEM....[INSTALL_XDSMPL_FILTERS_VISTA]..CopyFiles=XPSDrvSample,ConfigPlugin,COLORPROFILES..DriverFile=mxdwdrv.dll..Confi
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2561
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.431790187193416
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2uMRFNu4TMlWoDqFNQ29ZNlV2MK712DJNzaMR1X2kKJzgSZwlQXV2MK71euV2MKo:QFQ4SDC66ZLq7UAq7zq7E
                                                                                                                                                                                                                                                                                            MD5:AD8561D2E73AFD63F5A088972D435467
                                                                                                                                                                                                                                                                                            SHA1:FA7F53A308C00B0C5E1ACE95489658840EAF13A3
                                                                                                                                                                                                                                                                                            SHA-256:68C4AF8BB6C4FB75CFA95739DF4E3B288DBBFB141E6851275E2F9EFFCA893015
                                                                                                                                                                                                                                                                                            SHA-512:AA240EFD0EFD508CE48D444997E65DE8A36DE321764196C294F1366A77C3D30AEA6BF31AF53C7644BD3D027284B266D06D0B574E69598D50D44005718F3F2178
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..ECHO -- uninstall start >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found Backup [%%a] >> inst.log.. SET STPRINTERREGBAK=%STPRINTERREGBAK% %%a..)....rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"....\utils\DIFxCmd.exe /u stprinter.inf >> inst.log....\utils\PrnPort.exe /d >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found [%%a] >> inst.log.. ::Remove cab.. del /F /Q "%WINDIR%\System32\spool\drivers\w32x86\PCC\%%a.cab" >> inst.log.. ::Remove inf.. del /S /F /Q "%WINDIR%\System32\DriverStore\FileRepository\%%a" >> inst.log.. ::Remove reg.. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation\Windows NT x86\DriverPackages\%%a" /f >> inst.log..)....::Remove all files..del /F /Q "%WINDIR%\System32\spool\drivers\w32x86\3\xdbook.dll"..del /F
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2519
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.407961236238507
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2uMRFNu4TMlWSDqFNQ4ZNlV2MK71AynXV2MK71euV2MK7153w3uV:QFQ4SJC64ZLq7xq7zq7Z
                                                                                                                                                                                                                                                                                            MD5:5FD0095B7389DBEDA4EC394C06AC4657
                                                                                                                                                                                                                                                                                            SHA1:7C5D1C3E2B062F6E993AB34292749B03FD7007A8
                                                                                                                                                                                                                                                                                            SHA-256:692FE4C899554BBFA0A05A0183F46C23A24E48FB4371DC0863B7A24452FE5252
                                                                                                                                                                                                                                                                                            SHA-512:F38926653AF960FE11AD843E7C89BB9DC62C29225D2DF10B0CA9BA4F668637BE053778EE726F42A2DC76FA801593A08A69DE4CDEFCB9BE037CA094D34773A8D6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..ECHO -- uninstall start >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found Backup [%%a] >> inst.log.. SET STPRINTERREGBAK=%STPRINTERREGBAK% %%a..)....rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"....\utils\DIFxCmd64.exe /u stprinter.inf >> inst.log....\utils\PrnPort.exe /d >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found [%%a] >> inst.log.. ::Remove cab.. del /F /Q "%WINDIR%\System32\spool\drivers\x64\PCC\%%a.cab" >> inst.log.. ::Remove inf.. del /S /F /Q "%WINDIR%\System32\DriverStore\FileRepository\%%a" >> inst.log.. ::Remove reg.. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation\Windows x64\DriverPackages\%%a" /f >> inst.log..)....::Remove all files..del /F /Q "%WINDIR%\System32\spool\drivers\x64\3\xdbook.dll"..del /F /Q "%W
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft color profile 2.2, type lino, CMYK/Lab-prtr device by MSFT, 849080 bytes, 10-5-2006 15:02:14 "Created by Microsoft WCS from DMP: CMYKPrinter.cdmp, CAMP: Default sRGB monitor, and GMMP: Default Gamut Map Model Profile f"
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):849080
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.924819797081704
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:nupHTMj2vkdYa+kYfwx+rbgal21W0M5SU1yr2U5fOFQw8LHxrLiYJVarTH46xL1F:upgavkz+UIUBRm020G7
                                                                                                                                                                                                                                                                                            MD5:8EE08E7B69A5F2ECA6BB3A5EEDB48649
                                                                                                                                                                                                                                                                                            SHA1:FF7CFA21BDCB220EC0450E76A1C2AB0854CAEBD6
                                                                                                                                                                                                                                                                                            SHA-256:2B215C1FA5CAA10582BDAFE6B51A911C9D8B2B0B456EEEFF955064FDC3844D98
                                                                                                                                                                                                                                                                                            SHA-512:12AEA33F800D5203811DE1FFA1181BD1B8A58C54BD52A9D2BF7A4084CC2BBC52C9E74E9434C41C6B1EB2CA451E81D5E11B3CE6B827BA4B0F14927EB4FAD62FF0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1808
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.525972600570173
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:FCDZkHSs9/9QltHlRIORmRCjR73RpRvrmRCgORmRCjR73RpRS:sDuH87FRDRmRCjRrRpRvrmRCbRmRCjRI
                                                                                                                                                                                                                                                                                            MD5:9303837EFF41196B0FC3D6AD46FE43AF
                                                                                                                                                                                                                                                                                            SHA1:9AFBCA730F3A98C5C43AC1AF156BCD6C3CE366E5
                                                                                                                                                                                                                                                                                            SHA-256:ABD2E8A90B9949D61DF21DF88AED7040542555A0228BB0B375439F8488A06294
                                                                                                                                                                                                                                                                                            SHA-512:9F8C9956CEB14B7A275B346A48A1C010DEB23D94BAB4E0FFD395D23B5573533EB80630092CA6A458D33762E55C260752CA294B5E0632179ECC18F17A0B961D55
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdbook.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver Booklet specific GPD settings...*%....*%******************************************************************************..*% JobBindAllDocuments..*%******************************************************************************..*Feature: JobBindAllDocuments..{.. *rcNameID: =IDS_GPD_JOBBINDING.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: BindLeft.. {.. *rcNameID: =IDS_GPD_LTOR.. }.... *Option: BindRight.. {.. *rcNameID: =IDS_GPD_RTOL.. }.... *Option:
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2718
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.658165462032682
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:FCDZkHSs9/9xmSx8iZR/+eRxSRURJPRo/8nRFGR7RrXh8TpR9KbzkR5BMLkRWkc4:sDuHN/DRFRkRURJPRo/ARYR7Rrx+R98+
                                                                                                                                                                                                                                                                                            MD5:3F80884F3D1F3B9D5D3C7279131ECB4D
                                                                                                                                                                                                                                                                                            SHA1:17AB016E8AFA453B5A7DA19A6F2AB6AE0B3D78F4
                                                                                                                                                                                                                                                                                            SHA-256:4D09EE22E6A9BFB33E13F5391830FFDA13A572DC6DA1E22D1DEE3D4CAD7BBBD9
                                                                                                                                                                                                                                                                                            SHA-512:363579BDE28329209801FFA7EE0A3A5DD4278886453221768D2F3D7A1ECFE348884004FA08F9B6006E35A6098B72F1738B7B425C9AC8F5F2ACBDC5FD26EEA50A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdcolman.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver Color Management specific GPD settings...*%....*%******************************************************************************..*% PageColorManagement..*%******************************************************************************..*Feature: PageColorManagement..{.. *rcNameID: =IDS_GPD_PAGECOLMAN.. *DefaultOption: None.. *PrintSchemaKeywordMap: "PageColorManagement".... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. *PrintSchemaKeywordMap: "None".. }.... *Option: Device.. {.. *rcNameID: =IDS_GPD_D
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6871
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6709110049190015
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdnames.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver GPD resource names...*%....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }.. *Option: xdsmplui.. {.. *Name: "xdsmplui.dll".. }..}....*Macros: StdFeatureNames..{.. IDS_GPD_1PPS: RESDLL.xdsmplui.2000.. IDS_GPD_2PPS: RESDLL.xdsmplui.2001.. IDS_GPD_4PPS: RESDLL.xdsmplui.2002.. IDS_GPD_6PPS: RESDLL.xdsmplui.2003.. IDS_GPD_8PPS:
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4068
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.508459493570281
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdnup.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver NUp specific GPD settings...*%....*%******************************************************************************..*% JobNUpAllDocumentsContiguously..*%******************************************************************************..*Feature: JobNUpAllDocumentsContiguously..{.. *rcNameID: =IDS_GPD_JOBNUP.. *DefaultOption: 1.. *PrintSchemaKeywordMap: "JobNUpAllDocumentsContiguously".... *Option: 1.. {.. *rcNameID: =IDS_GPD_1PPS.. }.... *Option: 2.. {.. *rcNameID: =IDS_GPD_2PPS.. }.... *Option: 4.. {..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2522
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.708364933060842
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdpgscl.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver page scaling specific GPD settings...*%....*%******************************************************************************..*% PageScaling..*%******************************************************************************..*Feature: PageScaling..{.. *rcNameID: =IDS_GPD_PAGESCALING.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: Custom.. {.. *rcNameID: =IDS_GPD_CUSTOM.. }.... *Option: CustomSquare.. {.. *rcNameID: =IDS_GPD_CUSTSQUARE.. }.... *Option:
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2476
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.158189280019379
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview: ....Copyright (c) 2005 Microsoft Corporation....All rights reserved.....THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..PARTICULAR PURPOSE.....File Name:.... xdsmpl-pipelineconfig.xml....Abstract:.... XPSDrv sample driver filter configuration file. This identifies the.. filters that comprise the filter pipeline and their order.....-->....<Filters>.. <Filter dll = "XDWMark.dll".. clsid = "{B8B525BF-F147-460a-B2D5-9DFB1F30D0FD}".. name = "Watermark filter">.. <Input guid = "{b8cf8530-5562-47c4-ab67-b1f69ecf961e}" comment="IID_IXpsDocumentProvider"/>.. <Output guid = "{4368d8a2-4181-4a9f-b295-3d9a38bb9ba0}" comment="IID_IXpsDocumentConsumer"/>.. </Filter>.. <Filter dll = "XDScale.dll".. clsid = "{976EDCE4-274E-482a-97
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11986
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7262628705263445
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdsmpl.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver main GPD file...*%....*GPDFileVersion: "1.2"..*GPDSpecVersion: "1.2"..*GPDFileName: "XDSmpl.gpd"..*Include: "msxpsinc.gpd"..*Include: "StdNames.gpd"..*Include: "xdnames.gpd"..*Include: "xdwmark.gpd"..*Include: "xdbook.gpd"..*Include: "xdcolman.gpd"..*Include: "xdnup.gpd"..*Include: "xdpgscl.gpd"..*ModelName: "XPSDrv Sample Driver"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 1....*%*********************************************************************
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):475
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.248799523355892
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:;..; Copyright (c) 2005 Microsoft Corporation..;..; All rights reserved...;..; THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..; ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..; PARTICULAR PURPOSE...;..; File Name:..;..; xdsmpl.ini..;..; Abstract:..;..; XPSDrv sample driver configuration file for UI plug-in...;....[OEMFiles]..OEMConfigFile1=xdsmplui.DLL......
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1554
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.555759044915239
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdwmark.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver watermark specific GPD settings...*%....*%******************************************************************************..*% PageWatermark..*%******************************************************************************..*Feature: PageWatermarkType..{.. *rcNameID: =IDS_GPD_WATERMARKTYPE.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: Text.. {.. *rcNameID: =IDS_GPD_TEXT.. }.... *Option: Raster.. {.. *rcNameID: =IDS_GPD_RASTERIMAGE.. }.... *Option: Ve
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft color profile 2.2, type lino, RGB/Lab-spac device by MSFT, 124856 bytes, 10-5-2006 12:14:35 "Created by Microsoft WCS from DMP: scRGB virtual device model profile, CAMP: Default sRGB monitor, and GMMP: Default Gamut M"
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):124856
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.796177094859484
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft color profile 2.2, type lino, CMYK/Lab-prtr device by MSFT, 849080 bytes, 10-5-2006 15:02:14 "Created by Microsoft WCS from DMP: CMYKPrinter.cdmp, CAMP: Default sRGB monitor, and GMMP: Default Gamut Map Model Profile f"
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):849080
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.924819797081704
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1808
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.525972600570173
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdbook.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver Booklet specific GPD settings...*%....*%******************************************************************************..*% JobBindAllDocuments..*%******************************************************************************..*Feature: JobBindAllDocuments..{.. *rcNameID: =IDS_GPD_JOBBINDING.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: BindLeft.. {.. *rcNameID: =IDS_GPD_LTOR.. }.... *Option: BindRight.. {.. *rcNameID: =IDS_GPD_RTOL.. }.... *Option:
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2718
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.658165462032682
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdcolman.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver Color Management specific GPD settings...*%....*%******************************************************************************..*% PageColorManagement..*%******************************************************************************..*Feature: PageColorManagement..{.. *rcNameID: =IDS_GPD_PAGECOLMAN.. *DefaultOption: None.. *PrintSchemaKeywordMap: "PageColorManagement".... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. *PrintSchemaKeywordMap: "None".. }.... *Option: Device.. {.. *rcNameID: =IDS_GPD_D
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6871
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6709110049190015
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdnames.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver GPD resource names...*%....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }.. *Option: xdsmplui.. {.. *Name: "xdsmplui.dll".. }..}....*Macros: StdFeatureNames..{.. IDS_GPD_1PPS: RESDLL.xdsmplui.2000.. IDS_GPD_2PPS: RESDLL.xdsmplui.2001.. IDS_GPD_4PPS: RESDLL.xdsmplui.2002.. IDS_GPD_6PPS: RESDLL.xdsmplui.2003.. IDS_GPD_8PPS:
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4068
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.508459493570281
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdnup.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver NUp specific GPD settings...*%....*%******************************************************************************..*% JobNUpAllDocumentsContiguously..*%******************************************************************************..*Feature: JobNUpAllDocumentsContiguously..{.. *rcNameID: =IDS_GPD_JOBNUP.. *DefaultOption: 1.. *PrintSchemaKeywordMap: "JobNUpAllDocumentsContiguously".... *Option: 1.. {.. *rcNameID: =IDS_GPD_1PPS.. }.... *Option: 2.. {.. *rcNameID: =IDS_GPD_2PPS.. }.... *Option: 4.. {..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2522
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.708364933060842
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:FCDZkHSs9/9Ydp88+qRIOR3NRXRAR6R5eR7RZboRaYipRazRapjRafRa6RamRaRA:sDuHco4RDR3NRXRAR6R5eR7RZboRaYuY
                                                                                                                                                                                                                                                                                            MD5:F492FC30EFAE3C1548C17D4419E37778
                                                                                                                                                                                                                                                                                            SHA1:887F31639800999D7225AF1EE3F26B601D726401
                                                                                                                                                                                                                                                                                            SHA-256:08FF54CC8DC7E978B8129017307F4455025FC37F891A9EE6CAD37ADA5EB0CEC7
                                                                                                                                                                                                                                                                                            SHA-512:0F354DBC8B430B168EBAA1BBBAE48DFC6DD285912C1324673BD04AFBDD2947CC3BA8448B440337655377A43A40DC9592CDE26F71A635EEB12746877971C5519D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdpgscl.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver page scaling specific GPD settings...*%....*%******************************************************************************..*% PageScaling..*%******************************************************************************..*Feature: PageScaling..{.. *rcNameID: =IDS_GPD_PAGESCALING.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: Custom.. {.. *rcNameID: =IDS_GPD_CUSTOM.. }.... *Option: CustomSquare.. {.. *rcNameID: =IDS_GPD_CUSTSQUARE.. }.... *Option:
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2476
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.158189280019379
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:qDG8kHYKsJyhBk//ojAd+6IG0c9RLN0KUvfaZhcLNhpMubDUHeLNq63PfaZhcLNM:qDhkHtsI4aV46+ZhOb2tZhzZh7jZh/v
                                                                                                                                                                                                                                                                                            MD5:B628B4F8CC199D26E18FE27BD4A29BBD
                                                                                                                                                                                                                                                                                            SHA1:CBB6FB510D708AE85CC0F715617BCD788A613727
                                                                                                                                                                                                                                                                                            SHA-256:12DCC665FDEFEE3D3D771F5727F86FB812C606FCE0E7A3DA943A2072295D2984
                                                                                                                                                                                                                                                                                            SHA-512:825E8583B140C3CA5C44669AAAEF7654A90977F15FD0959FC17DEE30E18C3275EDFE2366A5C90CE707AF28951A56194CBA0CBEE6967CD95FA9CA8CFD6EF189F3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview: ....Copyright (c) 2005 Microsoft Corporation....All rights reserved.....THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..PARTICULAR PURPOSE.....File Name:.... xdsmpl-pipelineconfig.xml....Abstract:.... XPSDrv sample driver filter configuration file. This identifies the.. filters that comprise the filter pipeline and their order.....-->....<Filters>.. <Filter dll = "XDWMark.dll".. clsid = "{B8B525BF-F147-460a-B2D5-9DFB1F30D0FD}".. name = "Watermark filter">.. <Input guid = "{b8cf8530-5562-47c4-ab67-b1f69ecf961e}" comment="IID_IXpsDocumentProvider"/>.. <Output guid = "{4368d8a2-4181-4a9f-b295-3d9a38bb9ba0}" comment="IID_IXpsDocumentConsumer"/>.. </Filter>.. <Filter dll = "XDScale.dll".. clsid = "{976EDCE4-274E-482a-97
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11986
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7262628705263445
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:3HDc4F4V4U4k4v4g4L4wfyPUc5Bn+vjdQjNuDVjFfJCk72sI/72sIPTZGjo2D:KyPUc5Bn+bdsN4jFfJR25T25wZ
                                                                                                                                                                                                                                                                                            MD5:E1F2A2FD0D41438A375F0DDC1822AA7C
                                                                                                                                                                                                                                                                                            SHA1:267F8BFFABCCA4D46556519C105C0C6055B6F6D0
                                                                                                                                                                                                                                                                                            SHA-256:606E0918952F5441D31F5335F09FD6AACAE0A5850A0174280FF34F6772A0B768
                                                                                                                                                                                                                                                                                            SHA-512:1CF4B1E989819ECB134DCBD9C842F69D97A4949ED319D712BF14729C8A0BE0FF22122E3FADC4F4B2A86916F5EBF717E5CCE6E7620DD90EA73551CB523703EC0C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdsmpl.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver main GPD file...*%....*GPDFileVersion: "1.2"..*GPDSpecVersion: "1.2"..*GPDFileName: "XDSmpl.gpd"..*Include: "msxpsinc.gpd"..*Include: "StdNames.gpd"..*Include: "xdnames.gpd"..*Include: "xdwmark.gpd"..*Include: "xdbook.gpd"..*Include: "xdcolman.gpd"..*Include: "xdnup.gpd"..*Include: "xdpgscl.gpd"..*ModelName: "XPSDrv Sample Driver"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 1....*%*********************************************************************
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):475
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.248799523355892
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:fp+BF8aNytrHLCSKsSHUJhGbkxIESnPEcF4RqWo40nUv:fp+D8MkHLNKsSyh2kBoP3FsqA02
                                                                                                                                                                                                                                                                                            MD5:2EFCEBC23D661F3BFA0A4A4BE0588466
                                                                                                                                                                                                                                                                                            SHA1:1ED92AEC943CFE143A7DBBCE2A82141D67FB9169
                                                                                                                                                                                                                                                                                            SHA-256:DC50AFD088B0D72935D0CDF8F99071A7C80A4979BC9AF915016DD847F222EBE9
                                                                                                                                                                                                                                                                                            SHA-512:FC1FF31E2CBFA1BC8A825548C6C4661236FAF12D8B75F25010E783DE116FC48B61F0188A4673C2C60A52181F6E7F0EFE39BF9B0A7D35B1937EC02B97FCCB7955
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:;..; Copyright (c) 2005 Microsoft Corporation..;..; All rights reserved...;..; THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..; ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..; PARTICULAR PURPOSE...;..; File Name:..;..; xdsmpl.ini..;..; Abstract:..;..; XPSDrv sample driver configuration file for UI plug-in...;....[OEMFiles]..OEMConfigFile1=xdsmplui.DLL......
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1554
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.555759044915239
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:FCDZkHSs9/9Tmm8LYReOR1RwrRpRajx8LZRzQRVRC:sDuHnmmoYRVR1RwrRpRajxoZRcRVRC
                                                                                                                                                                                                                                                                                            MD5:C922269B15071195905ACE600AC9B02C
                                                                                                                                                                                                                                                                                            SHA1:BCC559EBBFCAC61A67905B5DBB9D3E8E27D413E5
                                                                                                                                                                                                                                                                                            SHA-256:2FC61A7629E0382699E8178AC8131666BB1BADA65F9B7AC738E7620C1D3A4E40
                                                                                                                                                                                                                                                                                            SHA-512:C4ACE0F94150ED02580A365798981FD30484B3E13576624620377F077AD4A6C0AA06ED3DBC1B8A64406F357321A9AD027A1A12D9C98A407D27B58CA857D74E84
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdwmark.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver watermark specific GPD settings...*%....*%******************************************************************************..*% PageWatermark..*%******************************************************************************..*Feature: PageWatermarkType..{.. *rcNameID: =IDS_GPD_WATERMARKTYPE.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: Text.. {.. *rcNameID: =IDS_GPD_TEXT.. }.... *Option: Raster.. {.. *rcNameID: =IDS_GPD_RASTERIMAGE.. }.... *Option: Ve
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft color profile 2.2, type lino, RGB/Lab-spac device by MSFT, 124856 bytes, 10-5-2006 12:14:35 "Created by Microsoft WCS from DMP: scRGB virtual device model profile, CAMP: Default sRGB monitor, and GMMP: Default Gamut M"
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):124856
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.796177094859484
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:wq47C9ZJMKkyYHlMRyu2FK0MjUq2mX14F4Q7asMM06KI:w29bMPyASyumQwmleHf91
                                                                                                                                                                                                                                                                                            MD5:45CC4B43673056B8625ADD43EFDF33DD
                                                                                                                                                                                                                                                                                            SHA1:2A7E28C7696CAF775344A31A23DCDADF15A5F1BD
                                                                                                                                                                                                                                                                                            SHA-256:089BE57682C9F866DCCE74E1D174AA9816BC0992C1CE6EC01E03958964EF852A
                                                                                                                                                                                                                                                                                            SHA-512:08A1FEA06EED5B874BE487F0F523ADCB98262FFA7158F54A724963827ACBF6318EEE99948AEB999C6F6EF875EA04E2B2377CBE623BB4679FB90BE785C75560DC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                            MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                            SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                            SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                            SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                            MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                            SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                            SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                            SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):77824
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                            MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                            SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                            SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                            SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):81920
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                            MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                            SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                            SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                            SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):55112
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.95804253448452
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:+EmCoFSZSI9Xhq7xYQAucXy069A3hKhy06ia3hyKb3LCxLVNe9zLuX:+EmPFSYWXf69A3hK16x3hyKbOnNazSX
                                                                                                                                                                                                                                                                                            MD5:9D62CBDE4079B1BE2CB1B91BDD74E539
                                                                                                                                                                                                                                                                                            SHA1:C54E743DE54B9D1D35CDA8F15562483163A064C0
                                                                                                                                                                                                                                                                                            SHA-256:63347E07C934A788F5996EF91D86F718C273DB6221BF448F0659F70194A65031
                                                                                                                                                                                                                                                                                            SHA-512:E3DE199BAABCB087A07071D67F2A0EE3E0F01E06B23B75B6FDCF1146CE782263E1A63D32B4DAFF3699766FD3922AB41F9DCB4497398DB5F0DA9EA33F5FDDF24C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):62816
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.690155437787919
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:7FkBLAYEMVmkPGsfD6ppH3hLW6G3heObqQyvzP:75YskPGiDaphWqOuQyvr
                                                                                                                                                                                                                                                                                            MD5:9CE89A1A93E196AA261561B1E5C3AFC6
                                                                                                                                                                                                                                                                                            SHA1:8ECDB82C1C4A9C4431826097EDB11718152AD7A5
                                                                                                                                                                                                                                                                                            SHA-256:CBB084056495566BFC8D933D7094694053ADDB91C190F95F791016CF6368D94D
                                                                                                                                                                                                                                                                                            SHA-512:A4E7E93819CDCFDF0ED468F0138AD2774D2D7D8A587A01A4745F61AC27DFCD41A49922827E7029FC7564DF3866C64464B7B131CEBF3D39AD85D94E533AE53C5B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):285
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.794885910225241
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:fAjsd9KwqJ6dAGgOdHNMDPVgOdyE23PVgmfd9RNIgm9MOdELVb4NMD7:EWZ9dAudm95dyE239nd9RGpDdwh7
                                                                                                                                                                                                                                                                                            MD5:1690361AD6F64AA935F0C71847F763B6
                                                                                                                                                                                                                                                                                            SHA1:5F8682A46B5A4DF1F03D8078240F6619B0C90DDF
                                                                                                                                                                                                                                                                                            SHA-256:D7CBA410A986FD863C69BDB98311A2F49E04F3ED7C1499C6A5557B7BA856B5AE
                                                                                                                                                                                                                                                                                            SHA-512:2CE17EEF081E5C7F68E7584413C65242A1CE240B23F1226906DB6F6BC12E97B834545DA6B43BE5903D6EDBC66B1899634D9115E6688961F5547297819989D2EE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:rem echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon.exe remove *STVAD >> inst.log...\..\utils\devcon.exe rescan >> inst.log...\..\utils\DIFxCmd.exe /u stvad.inf >> inst.log....REM install...\..\utils\devcon.exe install stvad.inf *STVAD >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):289
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.864786270026779
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajsd9KwqJ6dAGgOdRLvNMDPVgOdRLKE23PVgmBd9RNIgm9MOdRL6Vb4NMD7:kWZ9dAudE95d0E239Jd9RGpDdCh7
                                                                                                                                                                                                                                                                                            MD5:678C5FB9E1F87E4986E2B80B55740A9C
                                                                                                                                                                                                                                                                                            SHA1:3E30F2B668EEAE7F8D0A192F6F3B9EE6213D58E8
                                                                                                                                                                                                                                                                                            SHA-256:E04797F8F85EAAB68DA60C9E2F08E224DBF379ECC6085BD2A8C79974FF1D46E3
                                                                                                                                                                                                                                                                                            SHA-512:B6FD46FE165ACB6169056465248078B9794669846B57E616F8DB923C6EDD324A625BE968E499463BADC7B99660A8CE3304333BA9D92D8907C98C6B3CB6B7DB6E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon64.exe remove *STVAD >> inst.log...\..\utils\devcon64.exe rescan >> inst.log...\..\utils\DIFxCmd64.exe /u stvad.inf >> inst.log....REM install...\..\utils\devcon64.exe install stvad.inf *STVAD >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11950
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.350152493437532
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:mgQzOQtQyQHOQqQWNJCHF1agjEwOXP6hYCe68JGlD/Jn9VOMbSX01k9z3AoXSkqr:INg/k6h3e1GlD/LVNSR9zrVqr
                                                                                                                                                                                                                                                                                            MD5:6E88194D307CE842B43826CA7B473411
                                                                                                                                                                                                                                                                                            SHA1:1C8767D498A53C6287EA89BCEB43A21C4F4AF479
                                                                                                                                                                                                                                                                                            SHA-256:E75BF820E72813D3C46D11502267B3FE445E9A7F05E855DF97811D3E2333EE3A
                                                                                                                                                                                                                                                                                            SHA-512:016B756C585648B0AF746E906302FC021516B0419DBD9B5444B11C709D3C6AE8CF330A1A49D7ACD341846D558FDC18C1DE5B97DA59ED53C887A854B8BDA5679F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4338
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5192534972153515
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:2kSMHhlJjFdN5JHzI8LeTMdH33I8vV4xmzAchZ8MMCuj:2kSMHdxdnJHTeT+3B4xm09j
                                                                                                                                                                                                                                                                                            MD5:8E91B0F01FFE8DF22050392F91D8F28D
                                                                                                                                                                                                                                                                                            SHA1:1ECD2875D29F0F6DE62C1DBA4535D7496846B70D
                                                                                                                                                                                                                                                                                            SHA-256:946AE6ACA55B363D7550415372A8A483BEDA152920104EE4675DD4AC2169ECA1
                                                                                                                                                                                                                                                                                            SHA-512:5B421B323084E851154C15E22769BDBA12C555DD8DF949B21719CF13C0549EEE1AC48C4EC4802EC08A725A4515C449BACE6E43F0DC67B54BAB1DB08D2408AA59
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[Version]..Signature..= "$CHICAGO$"..Class...= MEDIA..Provider..= %ST%..ClassGUID..= {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 02/14/2022,1.0.3.0..CatalogFile .= stvad.cat....[SourceDisksNames.x86]..222 = "STVAD Driver Disk","",222,\32bits....[SourceDisksNames.amd64]..222 = "STVAD Driver Disk","",222,\64bits....[SourceDisksFiles]..stvad.sys = 222....;;This syntax is only recognized on Windows XP and above- it is needed to install 64-bit drivers on..;;Windows Server 2003 Service Pack 1 and above.....[Manufacturer]..%MfgName% = SplashtopDS, NTAMD64, NTx86....;; For Windows Server 2003 Service Pack 1 and above, a 64-bit OS will not install a driver..;; unless the Manufacturer and Models Sections explicitly show it is a driver for that platform..;; But the individual model section decorations (or lack thereof) work as they always have...;; All of the model sections referred to are undecorated or NT-decorated, hence work on all platforms....[SplashtopDS]..%STVAD.DeviceDesc% =
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):206
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.79285514077006
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajsd9KwqJ6dAGgOdHNMDPVgOdyE23PVgmfd9R7:kWZ9dAudm95dyE239nd9R7
                                                                                                                                                                                                                                                                                            MD5:9EAFE2CC76D906E1C4F0FCB2A485A453
                                                                                                                                                                                                                                                                                            SHA1:51D48B136B7AD1BBA162D3674F249A6832F9B55E
                                                                                                                                                                                                                                                                                            SHA-256:9C01560D63FA71D8492B5B866E02902EA5AD8DF54B5678DCA54160F787AD7BC2
                                                                                                                                                                                                                                                                                            SHA-512:76D1A89F064AD7C9B89D9FBD06735837E4B47220F2B790B2BE3DCC63251923F7D0B2B8DB5B3983D4E7B94DA1DFCB3EC9EC81C0927446E05D4EECA9CD293CE4F8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon.exe remove *STVAD >> inst.log...\..\utils\devcon.exe rescan >> inst.log...\..\utils\DIFxCmd.exe /u stvad.inf >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):212
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.871313263028117
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajsd9KwqJ6dAGgOdRLvNMDPVgOdRLKE23PVgmBd9R7:kWZ9dAudE95d0E239Jd9R7
                                                                                                                                                                                                                                                                                            MD5:A2DA78EF1F7BC59138D71F85D6310ECA
                                                                                                                                                                                                                                                                                            SHA1:912DCBFF74495F0235A969BCE934B421086DD175
                                                                                                                                                                                                                                                                                            SHA-256:A980C2CD38F4D2F06E6A5DC96BFFFB8EC39A7A1254D5FF6ED1E7F44048F66AE1
                                                                                                                                                                                                                                                                                            SHA-512:32DAD786E55680F653F7F5570189E2C0F815CE0A69221B91743B67407587E9A13C414E5ECCEB2CD02A3C0A805E3D6D2639948DD22DFAC3B6FF56D74CC468AD56
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon64.exe remove *STVAD >> inst.log...\..\utils\devcon64.exe rescan >> inst.log...\..\utils\DIFxCmd64.exe /u stvad.inf >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):45320
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.720475524234058
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:G9CoFe+yIPYhqU1YQ7YemerV3hvrOyk3hH63:G9PFe3VYq3hvrOX3hH+
                                                                                                                                                                                                                                                                                            MD5:A9D239E41BAED5879255923481C73D11
                                                                                                                                                                                                                                                                                            SHA1:FE581685174CEFCAD994BB8EC1A70537BB8CA626
                                                                                                                                                                                                                                                                                            SHA-256:5118FB2A6A4B1E37AA12544E5864B77733739FB5EFBC4997F3A5A3EF385FE9B9
                                                                                                                                                                                                                                                                                            SHA-512:5460CDDD61A79C9C4982106344F4354E55C93AC996EF7315DE635F2F45EFE8A9BDFF37664137E7307E8C9654BCD16ACC65B8471D08E09DAA798502B0973E3DAD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):53000
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.411029825578745
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:HD4P58VeNfba5EMjxMXOkvmWvwDtmmEfdgA5lER3hjgxW3hyB:8PiVeNYEMVz4TVRl+3hjgg3hyB
                                                                                                                                                                                                                                                                                            MD5:E623E53FAE062F43180174FA01E7B6E0
                                                                                                                                                                                                                                                                                            SHA1:7843125E12A3DF5A9DC1FB052CCC34B993A18F00
                                                                                                                                                                                                                                                                                            SHA-256:D68E13044485D730E183449E3F34D45E319199D376C7528FC8DDA87CA5A22034
                                                                                                                                                                                                                                                                                            SHA-512:26E342BC8E28CB447BF4F1FC4F1A7A0CA2186B4AC78CDC062B29CC206ED1FAC2E0825748DF26AA0E893795820A77D6D269F4DFCB2162E5877710D7DE8FD1365B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):285
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.794885910225241
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:fAjsd9KwqJ6dAGgOdHNMDPVgOdyE23PVgmfd9RNIgm9MOdELVb4NMD7:EWZ9dAudm95dyE239nd9RGpDdwh7
                                                                                                                                                                                                                                                                                            MD5:1690361AD6F64AA935F0C71847F763B6
                                                                                                                                                                                                                                                                                            SHA1:5F8682A46B5A4DF1F03D8078240F6619B0C90DDF
                                                                                                                                                                                                                                                                                            SHA-256:D7CBA410A986FD863C69BDB98311A2F49E04F3ED7C1499C6A5557B7BA856B5AE
                                                                                                                                                                                                                                                                                            SHA-512:2CE17EEF081E5C7F68E7584413C65242A1CE240B23F1226906DB6F6BC12E97B834545DA6B43BE5903D6EDBC66B1899634D9115E6688961F5547297819989D2EE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:rem echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon.exe remove *STVAD >> inst.log...\..\utils\devcon.exe rescan >> inst.log...\..\utils\DIFxCmd.exe /u stvad.inf >> inst.log....REM install...\..\utils\devcon.exe install stvad.inf *STVAD >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):289
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.864786270026779
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajsd9KwqJ6dAGgOdRLvNMDPVgOdRLKE23PVgmBd9RNIgm9MOdRL6Vb4NMD7:kWZ9dAudE95d0E239Jd9RGpDdCh7
                                                                                                                                                                                                                                                                                            MD5:678C5FB9E1F87E4986E2B80B55740A9C
                                                                                                                                                                                                                                                                                            SHA1:3E30F2B668EEAE7F8D0A192F6F3B9EE6213D58E8
                                                                                                                                                                                                                                                                                            SHA-256:E04797F8F85EAAB68DA60C9E2F08E224DBF379ECC6085BD2A8C79974FF1D46E3
                                                                                                                                                                                                                                                                                            SHA-512:B6FD46FE165ACB6169056465248078B9794669846B57E616F8DB923C6EDD324A625BE968E499463BADC7B99660A8CE3304333BA9D92D8907C98C6B3CB6B7DB6E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon64.exe remove *STVAD >> inst.log...\..\utils\devcon64.exe rescan >> inst.log...\..\utils\DIFxCmd64.exe /u stvad.inf >> inst.log....REM install...\..\utils\devcon64.exe install stvad.inf *STVAD >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18540
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.313988713784432
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:1+wARK7Nm4UB1LtL8JN77hh/onRK7Nm4UxY28JN77hh07V:8wUh23hRoR83hGV
                                                                                                                                                                                                                                                                                            MD5:52973E06C8A2587300797DEBD419A08C
                                                                                                                                                                                                                                                                                            SHA1:8D13082BEEF0B4240B67F7D04809A25C8CC3834F
                                                                                                                                                                                                                                                                                            SHA-256:AACA5F16D57F7C9CBA15F8420FA57CB0F222F3FD28051FD1C103AEBEBA681D05
                                                                                                                                                                                                                                                                                            SHA-512:60CE0E47DD5B42DB77BBF507AEB939CA26ECA50A5A6F5FF4731D4E65230335BC5F8E47A1B60466B6BB2CACB582F7F0BEACEAA956A2A50D5C5645F0591D4DF8B0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3217
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.702969738113695
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:2kQG735yUI8LeHdT3I8vV4xDKKr84QM5MFgWCwj:2kQG7pyye1B4x+I8pj
                                                                                                                                                                                                                                                                                            MD5:1574CF3E123B96142ACF789F852119FF
                                                                                                                                                                                                                                                                                            SHA1:8781B4C061945A2E8E010EF129859BD1AA313C75
                                                                                                                                                                                                                                                                                            SHA-256:3FF183B875687A9A2BAF0FBEFA52AC04CD5E869E6E4FD535CC7D1D1F4825A003
                                                                                                                                                                                                                                                                                            SHA-512:29EA441281BA5A4E7B427335E36D0D6FA2A103D852DD16E460C4BE62E2640AE2117C1C64CFE6BFDC2A22FE9ADDE71B74DB5A1A6BF80D7BE0953FD593401F0311
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[Version]..Signature..= "$CHICAGO$"..Class...= MEDIA..Provider..= %ST%..ClassGUID..= {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer ..= 09/16/2021, 1.0.2.0..CatalogFile .= stvad.cat....[DestinationDirs]..STVAD.CopyList = 10,system32\drivers....[SourceDisksNames.x86]..222 = "STVAD Driver Disk","",222,\32bits....[SourceDisksNames.amd64]..222 = "STVAD Driver Disk","",222,\64bits....[SourceDisksFiles]..stvad.sys = 222....[Manufacturer]..%MfgName% = Splashtop, NTAMD64, NTx86....[Splashtop.NTAMD64]..%stvad.DeviceDesc% = STVAD, *STVAD....[Splashtop.NTx86]..%stvad.DeviceDesc% = STVAD, *STVAD....[STVAD]..AlsoInstall..= ks.registration(ks.inf),wdmaudio.registration(wdmaudio.inf)..CopyFiles..= STVAD.CopyList..AddReg...= STVAD.AddReg....[STVAD.CopyList]..stvad.sys....[STVAD.Interfaces]..AddInterface.= %KSCATEGORY_AUDIO%,%KSNAME_Wave%,STVAD.I.Wave..AddInterface.= %KSCATEGORY_RENDER%,%KSNAME_Wave%,STVAD.I.Wave..AddInterface.= %KSCATEGORY_CAPTURE%,%KSNAME_Wave%,STVAD.I.Wave..AddInterface.= %KSCATE
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):206
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.79285514077006
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajsd9KwqJ6dAGgOdHNMDPVgOdyE23PVgmfd9R7:kWZ9dAudm95dyE239nd9R7
                                                                                                                                                                                                                                                                                            MD5:9EAFE2CC76D906E1C4F0FCB2A485A453
                                                                                                                                                                                                                                                                                            SHA1:51D48B136B7AD1BBA162D3674F249A6832F9B55E
                                                                                                                                                                                                                                                                                            SHA-256:9C01560D63FA71D8492B5B866E02902EA5AD8DF54B5678DCA54160F787AD7BC2
                                                                                                                                                                                                                                                                                            SHA-512:76D1A89F064AD7C9B89D9FBD06735837E4B47220F2B790B2BE3DCC63251923F7D0B2B8DB5B3983D4E7B94DA1DFCB3EC9EC81C0927446E05D4EECA9CD293CE4F8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon.exe remove *STVAD >> inst.log...\..\utils\devcon.exe rescan >> inst.log...\..\utils\DIFxCmd.exe /u stvad.inf >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):212
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.871313263028117
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajsd9KwqJ6dAGgOdRLvNMDPVgOdRLKE23PVgmBd9R7:kWZ9dAudE95d0E239Jd9R7
                                                                                                                                                                                                                                                                                            MD5:A2DA78EF1F7BC59138D71F85D6310ECA
                                                                                                                                                                                                                                                                                            SHA1:912DCBFF74495F0235A969BCE934B421086DD175
                                                                                                                                                                                                                                                                                            SHA-256:A980C2CD38F4D2F06E6A5DC96BFFFB8EC39A7A1254D5FF6ED1E7F44048F66AE1
                                                                                                                                                                                                                                                                                            SHA-512:32DAD786E55680F653F7F5570189E2C0F815CE0A69221B91743B67407587E9A13C414E5ECCEB2CD02A3C0A805E3D6D2639948DD22DFAC3B6FF56D74CC468AD56
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon64.exe remove *STVAD >> inst.log...\..\utils\devcon64.exe rescan >> inst.log...\..\utils\DIFxCmd64.exe /u stvad.inf >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):53008
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.847750617309462
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:b9aXVnIo4e86mU2IpU88ukl7qqOky4QqSmOOgY3hs3BMBs3hsU4hJt34lz2:b9uV54e8Q6uoramO43hs3h3hsU4/tgy
                                                                                                                                                                                                                                                                                            MD5:48A8D41400F7D4729A0FB3102B2FD7AF
                                                                                                                                                                                                                                                                                            SHA1:709FCD8676F7E618B1D519D7C84422D90EAC81AD
                                                                                                                                                                                                                                                                                            SHA-256:158BF7761E9A254E5D4608E62D11B86A682E505413C86128999F8EDC6294645D
                                                                                                                                                                                                                                                                                            SHA-512:845DA37A4FC90DB0E4D1A0CE51E9436F3AB65289C4CAE189999A72DC516F09750FBE43D681746E5BD0C5E4E90C246BC58ADF95239A19A3E3E71000C0E8B46018
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):59152
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.649199158440194
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:Qidu9HV92g74x9xMtsqRdUx2PEvp/MuTP3hs0KI3hsE5Et367SH:09HV92Z9fx/MYP3hs0t3hsE+tK7+
                                                                                                                                                                                                                                                                                            MD5:FFC5D6FFD92E2F5DD7D454B5EA624825
                                                                                                                                                                                                                                                                                            SHA1:22DC6D072A87B95A215735D8A9002757F1C99F4B
                                                                                                                                                                                                                                                                                            SHA-256:BF3806D063FD4982791FA5F5C50DDC5B7F49B40615F6CFCE96016571CA4AF7CB
                                                                                                                                                                                                                                                                                            SHA-512:653CAB148E0CE24DF36C1EC02760F19C9100542FCA5885B665E8F98EE82118B7930D3B9C8BAF18C1D08B5E1D3D5F7B3DDF0041581116BA5973CE30DFF4C4A958
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):286
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.868409179176479
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:fAjsd94wqJ6dA3OdqA3PMOdyE23PMmfPP0NIgm4OdELV5FaA37:EWH9dAedNtdyE23rH0GpBdM97
                                                                                                                                                                                                                                                                                            MD5:A9A42F8DE6BBE12230621C01C8FD5987
                                                                                                                                                                                                                                                                                            SHA1:360D7B9C960AA8BCFAB960F5BC8FE4C8217BFF1D
                                                                                                                                                                                                                                                                                            SHA-256:377B50263A4EC36A0133666CCC089CC065119FE290FA53D9397D414BFDE6DDF3
                                                                                                                                                                                                                                                                                            SHA-512:CFCBE219768697E54E62F27C0BC318590055BD70BBAB73262ED93B4F7B8A993D6984DB2CE1A0DABE65A2E83204FAE61AB4896BCA56385E49DA7527B4567EDDFD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:rem echo off..cd %~dp0....REM uninstall...\..\..\SRUtility.exe -u...\utils\devcon.exe remove *STVSpkSimple >> inst.log...\utils\devcon.exe rescan >> inst.log...\utils\DIFxCmd.exe /u stvspk.inf >> inst.log....REM install...\utils\devcon.exe install stvspk.inf *STVSpkSimple >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):290
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.94060950303714
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajsd94wqJ6dA3OdRLiA3PMOdRLKE23PMmBPP0NIgm4OdRL6V5FaA37:kWH9dAedDtd0E239H0GpBdm97
                                                                                                                                                                                                                                                                                            MD5:9DC29B6F9CC69C534977BFCDC98E2705
                                                                                                                                                                                                                                                                                            SHA1:4AA931BE2C7297A93CEC4172F48EDDD8DBC4E3AB
                                                                                                                                                                                                                                                                                            SHA-256:78CEDF996370DF8A59521A77BDDB7118610924A02625AA53BFE47975A23B3B8D
                                                                                                                                                                                                                                                                                            SHA-512:5227EFC53C6D12C012691A920ADB77B51E9E939294B7B690774BDC16EFAC877D9D92C409D5197244279F4BE8052CA8FA9FCD37D82178807DABA8D0F528F179A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....REM uninstall...\..\..\SRUtility.exe -u...\utils\devcon64.exe remove *STVSpkSimple >> inst.log...\utils\devcon64.exe rescan >> inst.log...\utils\DIFxCmd64.exe /u stvspk.inf >> inst.log....REM install...\utils\devcon64.exe install stvspk.inf *STVSpkSimple >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18559
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.313796375225627
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:5eNwo6RK7Nm4UN1d08JN77hhOd5wTRK7Nm4UhkX88JN77hhOmT:Yw1n33hsd5wFIXf3hsmT
                                                                                                                                                                                                                                                                                            MD5:3BEB01DAE131D8E2F595EA697676FD82
                                                                                                                                                                                                                                                                                            SHA1:E4AE36B125E40E3964C176FAD1A2690317574A15
                                                                                                                                                                                                                                                                                            SHA-256:B2E42C84B27299C6973FC976FF22837D156788A6D423286816DD9B551A959245
                                                                                                                                                                                                                                                                                            SHA-512:DDCEB2EE00865574863F4E6D5CE32A4363FCBC85C42B75AE348FA1A09E1FC5284355A772E127372993560CA634B52447EE6F4CF7261691EB8EEDD0DD95731FEC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4530
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.531167619033096
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:TMuJlJjPHHXkP9bYxHJswZ4xNzp49RY8MMCuqx:TMuFDHX4yR4xNdezqx
                                                                                                                                                                                                                                                                                            MD5:C6F9A3971989361505A22B26F16CBF33
                                                                                                                                                                                                                                                                                            SHA1:228877B73EF10A0AF73693FB2B4F49FD6DA74049
                                                                                                                                                                                                                                                                                            SHA-256:1D08A49A629D67FDC77E6EC38B90F10A2C7788BDE9EDE15075732DA010FCE8DB
                                                                                                                                                                                                                                                                                            SHA-512:B49317454756DD29317838224D2B49A1D4CDB358B0BAE5EFBD6CD7F12CDEE018BF9F3A8D7D1484D64BA158821E3EBDC52D18BD601D999FFB9127A744BD477A3C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[Version]..Signature = "$CHICAGO$"..Class = MEDIA..Provider = %ST%..ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer=08/26/2021,1.0.1.0..CatalogFile = stvspk.cat....[SourceDisksNames.x86]..222 = "STVSpk Driver Disk","",222,\32bits....[SourceDisksNames.amd64]..222 = "STVSpk Driver Disk","",222,\64bits....[SourceDisksFiles]..stvspk.sys = 222....;;This syntax is only recognized on Windows XP and above- it is needed to install 64-bit drivers on..;;Windows Server 2003 Service Pack 1 and above.....[Manufacturer]..%MfgName% = SplashtopDS, NTAMD64, NTx86....;; For Windows Server 2003 Service Pack 1 and above, a 64-bit OS will not install a driver..;; unless the Manufacturer and Models Sections explicitly show it is a driver for that platform..;; But the individual model section decorations (or lack thereof) work as they always have...;; All of the model sections referred to are undecorated or NT-decorated, hence work on all platforms....[SplashtopDS]..%STVSpk.DeviceDesc%=STVSp
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):202
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.8854882526314825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajsd94wqJ6dA3OdqA3PMOdyE23PMmfPP07:kWH9dAedNtdyE23rH07
                                                                                                                                                                                                                                                                                            MD5:3535AC984A69ED2E778B7F2B77618C94
                                                                                                                                                                                                                                                                                            SHA1:3B6B19524DFAABDA5CF5FD2DD476A0108C928676
                                                                                                                                                                                                                                                                                            SHA-256:98040E1CF91AB05E0341BAE64F1D8AD29077A5351C586F2507CFF4C41CA80A1C
                                                                                                                                                                                                                                                                                            SHA-512:FD92393595D39F6260BB517DF38E82FBAB7BD7A9A79C276DEAFBDC69B123359F3D20C5A5B28AB06EFCB412E64E2AC940FA84FB130EAE9ACC778410119E7BF083
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....REM uninstall...\..\..\SRUtility.exe -u...\utils\devcon.exe remove *STVSpkSimple >> inst.log...\utils\devcon.exe rescan >> inst.log...\utils\DIFxCmd.exe /u stvspk.inf >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):208
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.961978816753448
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajsd94wqJ6dA3OdRLiA3PMOdRLKE23PMmBPP07:kWH9dAedDtd0E239H07
                                                                                                                                                                                                                                                                                            MD5:754E73406288B7E24396DE0B02C9767D
                                                                                                                                                                                                                                                                                            SHA1:EE115F24C025725D5BC56DAF460CBB25084D1059
                                                                                                                                                                                                                                                                                            SHA-256:A2B082F8CF5944558CA68BEEC0290C49A3E4080E3B364A9A64F6CC203DFD2339
                                                                                                                                                                                                                                                                                            SHA-512:9C378936BE40F532C0866713417DC0F686F8067EE706AD96DC71BA9614378A9ACF1E481C95E25C0AA0C9E63CC23C237FAAB22E49BD773E138543F27C7F0AEA5E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0....REM uninstall...\..\..\SRUtility.exe -u...\utils\devcon64.exe remove *STVSpkSimple >> inst.log...\utils\devcon64.exe rescan >> inst.log...\utils\DIFxCmd64.exe /u stvspk.inf >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                            MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                            SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                            SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                            SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                            MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                            SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                            SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                            SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):77824
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                            MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                            SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                            SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                            SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):81920
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                            MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                            SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                            SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                            SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25040
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.182836790970066
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:RnmRA8diIqFr2hrkzbBglwb20HsOANRBUBR+uekbnYPLGKw:5183HrkXBhb2CI7BUBUnCtKw
                                                                                                                                                                                                                                                                                            MD5:3C0B8DA5253B68665362881787681D04
                                                                                                                                                                                                                                                                                            SHA1:8C2925071EBBB1D94B34DBC9B926CC96F3D6674F
                                                                                                                                                                                                                                                                                            SHA-256:8DB1AF7E90197353FD346A2A4D60C7EACD506EBD593A9BCA811DC9C5D420E141
                                                                                                                                                                                                                                                                                            SHA-512:5ED6163BD09A81D50059B816B3D188DDABA7F032C091CD21205F081CA1B4BB902129A5AA87ADF55B5910B193721226F2E82CC53D9A0DF0D833933F798FCF5471
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12008
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.164676951334965
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:C1XYhWsmdZunYe+PjPGr9ZCApkT1rrZgjldrXa+v5lPr9/6onc:CBYhWsmdknYPL/p1P6j7rtc
                                                                                                                                                                                                                                                                                            MD5:1A2D1119C830079A91FDB0BC96C68E9F
                                                                                                                                                                                                                                                                                            SHA1:6DFD2D9E82F5ABF807402E81F837DEA3FBF24861
                                                                                                                                                                                                                                                                                            SHA-256:758732573D0360444173A9ADFEBC41E6295262A2E128F4A7DA973138BD05E1A6
                                                                                                                                                                                                                                                                                            SHA-512:B8A8F0D970D4ACA797C3AE4F70C32D1068599F1FD802430F75606541F00BCC133B66484DAB0276115E09E39126AC398D54933A7757E4C28EC54FC0E40B869A3C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18384
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.784225074424451
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:KNpdeIDggm1TgXu0HM9CZFuz9ynYPLGKsH:Kp0f1Tg+CM9COZytKU
                                                                                                                                                                                                                                                                                            MD5:FFF61014618EB5B63F5CBB7457537577
                                                                                                                                                                                                                                                                                            SHA1:E899E392E493F731B900B36FF3C6AD384D35B129
                                                                                                                                                                                                                                                                                            SHA-256:764FFF366A21B3D44F3F43BDED347E8BF6ACAEC3F911AEA07555A3D8E26CB407
                                                                                                                                                                                                                                                                                            SHA-512:E057FC69EBE9E36A8D4DABD23044229450FA606564F28A566233AB014C7433ED515AC0BAE8427E667164518A92F74803719A1DB0066AF17560423C8E6BB6FA9B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12008
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1656019250857135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:C1XVhWcj2sFnYe+PjPGr9ZCApkT1rrZgjldrXa+v5lPr9SPp94v:CBVhWcj2onYPL/p1P6j7rLv
                                                                                                                                                                                                                                                                                            MD5:8A12125138A8F34F9700529363947D5E
                                                                                                                                                                                                                                                                                            SHA1:996729B5B9A1E85F3B911911AF675C51549F6D13
                                                                                                                                                                                                                                                                                            SHA-256:392811F93E8DC4BD0BAEEF0DEDC6879DB667EAC0BE894BC6FBCF5BBB776AC98F
                                                                                                                                                                                                                                                                                            SHA-512:E7AE1C133B9660B791373F1D3BD6765207E6FC1D132687CCE99E267E4945CB9843A47FE53FF0C2A2F20C704F50A8F129514F56675B52FB2C354FC1D829EA62D9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):51
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.239902792442837
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Eyd/MLVLV5rxk6BzX:EydELVLrqM7
                                                                                                                                                                                                                                                                                            MD5:F03B61C1BE8851BF64E2EB97D4A3AF85
                                                                                                                                                                                                                                                                                            SHA1:FE502F4ECD1209B3DADA7AC8F4876ED9FB5264E8
                                                                                                                                                                                                                                                                                            SHA-256:AF5EFC928B43A1A476BEAFC055B19568EBCEE29EF4CEB211353DD218689F833B
                                                                                                                                                                                                                                                                                            SHA-512:D229E472C0FAC83B5B952D368444DDCAC0DB965D033F29AC9EAB8F55D256BC4BFAB0861F21045A6E3B809F5B76AC30917AF321B3DC5F901F982CF477578ABD34
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:utils\devcon.exe install stvideo.inf STVideo_Driver
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):77
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.625480821115634
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:EydKiRgLV5rxk6BzJzIvXYRABAC:EydOLrqMqPYRkAC
                                                                                                                                                                                                                                                                                            MD5:70271842A0F3305F9A2922EFE95FBED0
                                                                                                                                                                                                                                                                                            SHA1:8B60A48D3F3CE9BF397B586F88087A291DBE3B89
                                                                                                                                                                                                                                                                                            SHA-256:A537CF622B5DBAD19587CBC8FE08BBCE8BFE7E49497BECA5784723E876F99415
                                                                                                                                                                                                                                                                                            SHA-512:B84A1FE296A36346C9658F1A715114FE5A7518FC1E9B9C7A4D08DDFED760ED15626FCD1751EE361CE2D91FA9B19B75873BAA6ED1BB441BB5170DB50473FC2CD0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:utils\devcon install stvideo.inf STVideo_Driver_WIN7..utils\Mirror2Extend.exe
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):79
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7040270721314865
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:EydRFMyEJLV5rxk6BzJzIvXYRABAC:EydRFYJLrqMqPYRkAC
                                                                                                                                                                                                                                                                                            MD5:C8D6ACDAF26E7B8FDAF2888E0CAE6275
                                                                                                                                                                                                                                                                                            SHA1:B46AF328CF18FA3687AE4D9EE06780C21A12B7D9
                                                                                                                                                                                                                                                                                            SHA-256:DE19F496F5932135FB25AB04EEE9E5A923728DDFBE13499058530239D890240D
                                                                                                                                                                                                                                                                                            SHA-512:79CF0BEDCB07C72B6FFF243F7B6D90116AF1E558290E873863C5BE6994ECB6A7E4D4A0ED33CB05D0AC3699CD2328B3E4613868DECB77D7B0BBA6CF49AD809067
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:utils\devcon64 install stvideo.inf STVideo_Driver_WIN7..utils\Mirror2Extend.exe
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20944
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.364902287777804
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:NpXpb9ygWK86AclLjQ/WzRf8aMKnqPndtQrcaceJe0uqmnYe+PjPGyz/wa4/h:59yD6nlLoWB8a5Od+zcuebZnYPLGK5a
                                                                                                                                                                                                                                                                                            MD5:FD3381A69042E1B01266549549845449
                                                                                                                                                                                                                                                                                            SHA1:C6D8D4BF754DA24C0C9B39DFF0B336120BF3829A
                                                                                                                                                                                                                                                                                            SHA-256:86688C2EAFB525E2E0E6723907E15567E426670C6B9934E129218A45F47B117A
                                                                                                                                                                                                                                                                                            SHA-512:E9CEBA750A44248860A5980475D41358C0E0B78EF65BF823995572AA091804D3AF836A2A456A8C4A394AE57AF2B8589DFBF561D1007A3A600136A0746EFFB479
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12008
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.040113518412221
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Dq8YdZrnYe+PjPGr9ZCApkT1rrZgjldrXa+v5lPr9NH7:Dqjd9nYPL/p1P6j7rd7
                                                                                                                                                                                                                                                                                            MD5:3C1EBF4DFC9685F1D584F0D6F421391C
                                                                                                                                                                                                                                                                                            SHA1:99FB5FD1A755AC038818776C6FCB964FD027334F
                                                                                                                                                                                                                                                                                            SHA-256:237BC4CD7AC38B503EF2D319C484EEAE07562AB09629C218B5C5BEEB8D5A8586
                                                                                                                                                                                                                                                                                            SHA-512:84C5DCFBAEA40091F7D1D5003414FFA8926B3CEFFADD08071297C5F5A6929557D8EF36BE22181431CA56E773669CD1F15DCFA16494C935EF0C15707102A4A73F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11728
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.807178448617145
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:KHpo0tYsmKZWZ3/ECwTnYe+PjPGr9ZCApkT1rrZgjldrXa+v5lfr9mOsPkHsV:Pe+jwTnYPL/p1P6j7TmOfHsV
                                                                                                                                                                                                                                                                                            MD5:36F961C6308CB0B919E659EB1B738AFA
                                                                                                                                                                                                                                                                                            SHA1:FC795A8FD24CBB3267474D99922CFF1BEE5F242D
                                                                                                                                                                                                                                                                                            SHA-256:4212786F0C3D5A00502A5926DE4E111BC9ABB84A4953C93DA6E17DCE4EC902E2
                                                                                                                                                                                                                                                                                            SHA-512:923A0C4B1454C4DEDA5AFD423B34D51FD9AECBBFC610006FC062CF031C81D4A2FDC94098E9DCA4FC16B25FE0766ECDEC12F450E8E4BC701F17832D3715F70C91
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15824
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.022305855965037
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:cdot9XqRolBJB3gP9tRHY8QjSec95NLnYe+PjPGyz/wOgjJ5Q7:cduaCvJQY8QjSz9vnYPLGKGI
                                                                                                                                                                                                                                                                                            MD5:AF512AA3612DEA5C2E2FAE866898EED5
                                                                                                                                                                                                                                                                                            SHA1:803810F8648832AB81DDF3B3C5862077EF6AFD4F
                                                                                                                                                                                                                                                                                            SHA-256:FBBEE200CBD1663A0F6D6F9FAD4502004DD4922C2257CC8AF6CBFB4DE1CBDB12
                                                                                                                                                                                                                                                                                            SHA-512:857D6F4F13ADACE91E7C90B6CADF601C87F3D98C9916C3D6079B153A48B7A9F16A5DB79B92D9E087F1646FE12DD65890292475D2D4DD0C823354EAA0B4BA5939
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4694
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.249583632564649
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:E+5iOJLGq6BFPmfsLkfsof96zdUyLiypkTsTetTtqBlFL+WC:E+5iOJLGqsFPmfsLkfs86zdUyLiypkAU
                                                                                                                                                                                                                                                                                            MD5:BA4F5D984CB8611E64BFCEDE9C3B8E93
                                                                                                                                                                                                                                                                                            SHA1:AC67AA1C6C892FC04FC740647815F74C6671DD34
                                                                                                                                                                                                                                                                                            SHA-256:A31E1D6AE465C93B847D47BCECAE94E24B918BFF73DD7D9B31E6789322591DDD
                                                                                                                                                                                                                                                                                            SHA-512:16F3528FA573C612A0CF1BB772FB3C3DE2C4EBA619621E33DE0337D0954DE115BA39FAD0D7FD9816849E2BBC430EB84AAA802AA9F861F0B94EC890C9E19BCEBD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:; stvideo.inf..;..; Installation file (.inf) for the splashtop device...;..; (c) Copyright 2011-2014 Splashtop drivers ..;....[Version]..Signature="$CHICAGO$"..Provider=%splashtop%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=03/31/2014,1.0.2.0..CatalogFile="stvideo.cat"....[SourceDisksNames]..99 = %DiskId%,,,....[SourceDisksNames.amd64]..99 = %DiskId%,,,\64bits....[SourceDisksFiles]..stvideo.dll = 99..stmirror.dll = 99..stvideo.sys = 99..stmirror.sys = 99....[DestinationDirs]..DefaultDestDir = 11..stvideo.Miniport = 12..stvideo.Display = 11..stmirror.Display = 11..stmirror.Miniport = 12....[Manufacturer]..%splashtop% = stvideo_Mfg, NTx86, NTamd64....[stvideo_Mfg.NTx86]..%splashtop.DeviceDesc% = stvideo, STVideo_Driver..%splashtop.DeviceDesc% = stvideo_win7, STVideo_Driver_Win7..%splashtop.MirrorDeviceDesc% = stmirror, STMirror_Driver....[stvideo_Mfg.NTamd64]..%splashtop.DeviceDesc% = stvideo, STVideo_Driver..%splashtop.DeviceDesc% = stvi
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12008
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.040343349200973
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Ddg2s4nYe+PjPGr9ZCApkT1rrZgjldrXa+v5lPr9xu5eF:Di2hnYPL/p1P6j7rxbF
                                                                                                                                                                                                                                                                                            MD5:46DF2F9B00DA96B8603F472EC4BEB416
                                                                                                                                                                                                                                                                                            SHA1:AFB25F23A849DAFECA73DFA6B0DF428619F6224E
                                                                                                                                                                                                                                                                                            SHA-256:8196CA7ED6BF904E00E2A2955AC8288801AA3983384268D5DF85F52AE10FC974
                                                                                                                                                                                                                                                                                            SHA-512:0284D0D1A025AED097C375343018DF023A7058CF741BFDE9D97DC647548BD18C05B068268818E6542954BDBB1FDF0B992277C565865A2084DF9BFA2E33A9FBDC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):57856
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.214858942297855
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:T6pztvRXL6L1T9mV0OTpJoNGDP5t2IhmX+o:T4tmL1EXCNGVt2IhmX+o
                                                                                                                                                                                                                                                                                            MD5:3B83E955AB0C3A815E0ED69EB6407C52
                                                                                                                                                                                                                                                                                            SHA1:995657C40BC9A28D36AFEA59FE8549B916F81B95
                                                                                                                                                                                                                                                                                            SHA-256:0C2EBB467661D404BCA91A080CCA0E5836797EFC474B62A3D22FB3419E3C8B52
                                                                                                                                                                                                                                                                                            SHA-512:1943EB1AFE81116657CBB33E87C7683CCF6D9EF22F59E5CEE840705E486A176DB5A7D67114A46ECDFC47A1B351F94DDEC72A05BDFB29CA6709CC696D877FDEBA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):77824
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                            MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                            SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                            SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                            SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):81920
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                            MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                            SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                            SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                            SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):542216
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.466753301083591
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:TXL84WA5C/KIcgHrlti0XoppdpRFT/FKf51PnofX09v:TXL84lopcgRti9FT/FKvnuX4v
                                                                                                                                                                                                                                                                                            MD5:BB241F864550BFA8AD2346C65E0CE41C
                                                                                                                                                                                                                                                                                            SHA1:378769EE7D6CA44554103E6A23F1BD20BB9E2564
                                                                                                                                                                                                                                                                                            SHA-256:58C4394BBE98BA2B9344209CDC98F5DB854A385ABEB4C74BD111B0ED661D1D61
                                                                                                                                                                                                                                                                                            SHA-512:68CF0A4CC802A10C218B3155D427DA5DFB6EDEA7671A41D016A5844011896C84490123E008CDAC2A4C5C60150B777F6742BA47A95050DFC1DBDEE20E332765EC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2816416
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.82236063017737
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:wVaHMTDMmyUZe4RF+A8LO9Us1BXEne0Nxx4kta2R74IIjvmIFe5mxoDpuBw1s31n:wVTuERKy9v1BXEne0Nxx4kta2V4IIjvZ
                                                                                                                                                                                                                                                                                            MD5:DF362B11095D0F59ECF9DDC0DAF61B12
                                                                                                                                                                                                                                                                                            SHA1:6BB3B490F048FD1306D714651F6C2C488BC318D9
                                                                                                                                                                                                                                                                                            SHA-256:BAFA22DA91BF2B44E4EFBBDFB8D7FB64B6F8A04569F2737EA49C384CDAD193F7
                                                                                                                                                                                                                                                                                            SHA-512:0A03BBF0DEF16E78556041DAC5EF003957384C37F07B08EBC0917921DC30189C2E3CFF7F91F369BD7195A8EE3E84D194113F0D889897C5679DEA263F27821FFE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):465928
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.6188868975232875
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:nmELSchToqY92QUOMIsV7iPSdutxml26jmlE662:bnAUF1pAb
                                                                                                                                                                                                                                                                                            MD5:12A3EF8EF5D70994B9500FA0801F8903
                                                                                                                                                                                                                                                                                            SHA1:C06C2AC1CC4B7D50DDFD36E32CDB2274618294B7
                                                                                                                                                                                                                                                                                            SHA-256:520C5A35F943B06888A96339EB2B8B5BEEB70046B5835DC0190AF77B4E0824FC
                                                                                                                                                                                                                                                                                            SHA-512:EF4AE07C1F2A636D57F5FA64505CE8CA581FAFD450DAC9FFAED69B84259BC21A3632E401577FA996C5C699352B07325CA7CB4CF82FD46E3C98E506E08B3125E0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2581408
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8335475472495375
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:bGF1tZkcS3fy3i9Ov8l6/kKkN6PLsCzvDxg7abakf35UXAtuwHgLYV1G4DW1L6Ky:bs1kcS3fy3pv8l6/kKqiLpPuabakf35n
                                                                                                                                                                                                                                                                                            MD5:348AF13556E619DA13459047DAB625B9
                                                                                                                                                                                                                                                                                            SHA1:6F3CB9022C715AFC6156A44A73D9D10147AB6CA4
                                                                                                                                                                                                                                                                                            SHA-256:75BDBB78A7CEE839496A8E643E2E631D04E243C4B466F3AF7FCD8C8A01288807
                                                                                                                                                                                                                                                                                            SHA-512:344C43F62910CF5D1B31AA3A17E0A581C438055D49DC59071574F3D1A500C0945AFE89C2AB54045140B4EB79221B5A7E0814056C5600055FD3A0D458436D9CC0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3116552
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.392745373577217
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:bPZ5TNGpStg+wTMz3Q8giStLONyAppqk8W+OcVpcL0865eGzYPcL1l:gtMziR8k1DcLv6xL1l
                                                                                                                                                                                                                                                                                            MD5:9CA925B6A0CFA7F8B0222233B3494D05
                                                                                                                                                                                                                                                                                            SHA1:20EF67FDEA63178B92D2BF4755C02687DC9D9022
                                                                                                                                                                                                                                                                                            SHA-256:5C66BE5F5D9A8CD7CBD5F31EF3AAFE7A422186E9B21AC564B58362508BF0583A
                                                                                                                                                                                                                                                                                            SHA-512:FBF69CAB559363EE0C16E4F04A7A3BED101B1B7D96383D2E092DE6EED505522CC7D1FEA1900FB0A63293BDEE34A5006583A1540D61043439CCE4EB12FF505879
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32264
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.549378989734658
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:3mFO3OkMgk4tx/knVGuOA0R2dEpYiTPxchfU49:3SO3trenVODR2W7TPxchfUg
                                                                                                                                                                                                                                                                                            MD5:48C3A4A2FA37A0BFC5BD90874A63AF44
                                                                                                                                                                                                                                                                                            SHA1:27A3FBF2603B36DD972401CF8B976FBC282A2C3D
                                                                                                                                                                                                                                                                                            SHA-256:3822BE932AED0A6E5C5A9F3CD80440AD96C8248F187F67324221A58AF5276296
                                                                                                                                                                                                                                                                                            SHA-512:F261A54AF5B0204B8018B5844CDDA6BDC1F399AB3375BF171B8E7081A9BCA583D061F7182EA140E5E2A9E42916C78C2C7256AF516B15EC16AD51AD8ADFBC57EA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2403848
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7207202597413875
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:FgGdcX0zBXVSNi2z4xw4G7NyzRP1ikMHeBNWHr:F4X2ikxwTNsi7
                                                                                                                                                                                                                                                                                            MD5:4CF09B45FEE4FD22DC22B0AF706E4D80
                                                                                                                                                                                                                                                                                            SHA1:86A6E08A3F7C315F1FDE9A9499EE91EE6A0F1407
                                                                                                                                                                                                                                                                                            SHA-256:4D925CF495ED97B7B73F7A93B01F7C529B55EB4581479120D235DC9263D06A3D
                                                                                                                                                                                                                                                                                            SHA-512:FD4B8E15B5A2C0B5045F039E2498D1CEFA5BB4913E302C56E6B84526279D36378D87E9269435B5AF644BA019CF056BF47E818F192FDD9D35F1AC8CF8D6DDD531
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):29192
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.708144938787245
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:EJVI3R0H/aWeIUhwNslRPbJyRefvcO+mVMWehLNyb8E9VF6IYiTPxcbdGgktyVEF:EJKMC8NsLPtxcO+AMPlEpYiTPxchOF
                                                                                                                                                                                                                                                                                            MD5:A958758134E6D61D45BA0C4968380A8B
                                                                                                                                                                                                                                                                                            SHA1:F40142518B13782CD2A06844CD8147B337E459DA
                                                                                                                                                                                                                                                                                            SHA-256:30FD28720C7235F45140ED0642A4C71FF0DB1E93362D5694D87026DDA14992F9
                                                                                                                                                                                                                                                                                            SHA-512:1645C335C36AAC6A6BD2A74E41F7176776E70B696705F491CA8CCD6E99A54C3ECBC52E8BA081E9B0E57F5C08E0546D5302A7D28D72C350EC08446D54457360D1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):107312
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.447984928648711
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:BTeWLZrzci/8dbquofWnRADp2y6hX2hbTYzLhrhkphDZ52DBXN+vl/DFS:BCWFfqbqaGnGzLhr82DBXN+v2
                                                                                                                                                                                                                                                                                            MD5:BCEF2D42768A816AF7CD60391CBA3C0E
                                                                                                                                                                                                                                                                                            SHA1:E17EC512C595318DC5F282CB73B71CFCB0B52A7E
                                                                                                                                                                                                                                                                                            SHA-256:0EA236D80EFFA865F73E728D06790AB5583660EC915C979E8D96CAF692B6FE80
                                                                                                                                                                                                                                                                                            SHA-512:389B36A464C417AAAE16A229F004A01D4F1EBC8F3D8E8A4D12B5AA82D9BA5EDE4A139B3999BAF1D9BF862D3B4BD5A6A0D89CC0A3561E8CA15EF19AA771DEE475
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):76752
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.281018016209332
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:TMM1hIpiOe7unK1L0RW7Z4tk05ZpJBkkmN6/2EvK6k:TMM/hOeSK1DZ4tk0/B7OEvK6k
                                                                                                                                                                                                                                                                                            MD5:8CED2B2F0E61A1BA20D63B24A41E1234
                                                                                                                                                                                                                                                                                            SHA1:9731E2756EAB7A902DA1A72C0F1DC008425037C5
                                                                                                                                                                                                                                                                                            SHA-256:44DB8AF61B92B39C805B136D2FB608D9D9082F051DDBD9AEE9E3A760B34EFF13
                                                                                                                                                                                                                                                                                            SHA-512:087596DC595B786D74087BCEEA2F1A9B46F4EADCB1162201F32CB05B9BD207520C617AD849CD52788B5C2E579CF72B2B1BB7A5265D10B450B5E6FB8D17D1C07B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):91432
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.020228136904558
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:5UBy2mcawf1jBALblIkWHgMCtd+DIO6iUY:SyNcRjyLKGMCtd+DtDUY
                                                                                                                                                                                                                                                                                            MD5:B510DA2C973FEB05803F124D0507D3A4
                                                                                                                                                                                                                                                                                            SHA1:8F1344CEF1DB998698E1467AD22E30ED3BCE584B
                                                                                                                                                                                                                                                                                            SHA-256:A39DEBD7558B4E769AC277A7D05B532318AB7774490310F76BDFE9E55240D9CA
                                                                                                                                                                                                                                                                                            SHA-512:AFC90D52B19B5E8186C62F5F1B720AB68EB34A997D3099824C7396FCC74D1ED76063BA1541FAAD999806BCFCC375909636E48EF36957157AAD766256B2999E6A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170960
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.545608024132094
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:k4UWlA7/ZJoE1s76gv/vKnGStqzWTBflx+FOGqK1:PY7/3s76ginGS4zWTBQv
                                                                                                                                                                                                                                                                                            MD5:27CA510E2DDFE647F742F98C2EC6A7F7
                                                                                                                                                                                                                                                                                            SHA1:1F422E39770D9565460F881D078D8C335B678255
                                                                                                                                                                                                                                                                                            SHA-256:41BA7791F830EFBDF5F942A0B6DCF98C6A7D37B7DC06EED21F86AFBED0215C9A
                                                                                                                                                                                                                                                                                            SHA-512:ACBF7A23FB033ADB314466324AF6D1C6F543F6FADB6439B3E80F35467432754396667C9CA511A4D8AC3178BB51CD61EA3D94755436EFA9231EA362282C5FA2E4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):103936
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.506376535370947
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:KafuEldIIEbXAiVuvw2tk6SDrc5tGrxn4T:K0uR1jLuI2nrqxn8
                                                                                                                                                                                                                                                                                            MD5:D860E291709E176D5240A45F41ADC19F
                                                                                                                                                                                                                                                                                            SHA1:5FC1980A5649638B2FB9357B75514ADCBAE143D6
                                                                                                                                                                                                                                                                                            SHA-256:41606E269B4FB6EFEDB1579CAC09F8B551C95FA29D91D59ADECBF9F521214FFC
                                                                                                                                                                                                                                                                                            SHA-512:80F7F8B56028D00ECE1EDF20DFEE0988EFD09824A2987D62DAFD24B9DA31A11B6722B6391FF910DE52E3F2C82B493F7C198B236FEC224BC7256E424063D92D9D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2379264
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.769396505812561
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:KKFf535HoOUmRXqJbqn8I1c1Tz9Fe7b7KSIMKChiIsYnJEM86/OoGniHmsQsz0jz:KKFxJHlU2jn8I1ciK44unCMZ/TGni5M
                                                                                                                                                                                                                                                                                            MD5:10E37674077C055157DE155268EA05CA
                                                                                                                                                                                                                                                                                            SHA1:94BB72EB6E9752316F940DD94A019E47DC09B8CA
                                                                                                                                                                                                                                                                                            SHA-256:60464CAE0663E49F60AD783A411E1217BE084D1DB0D4B22529B88E19F2016C4E
                                                                                                                                                                                                                                                                                            SHA-512:B73E850DA693688E5FD0D20BAC541AC5A6D158ACCDB96A65305261F4C3361CB81A3BC74D6D6DA1E64E183F4405EB829E7DE66BA11993B07CF34E108AC18496E9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2836992
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.527342658774563
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:BSSDD4wSJNo/WENvcswSNNGIxNWP4XBEkhiJqi2upPKTFG1kHWyrlVH:BSmD45JKvvcswqNGqNWP4XrhiR2upPfO
                                                                                                                                                                                                                                                                                            MD5:04722A3BFC71AAEE7CA9A76884579D65
                                                                                                                                                                                                                                                                                            SHA1:6EBC53F9A9DCCFD9AD8B4ADAE2D50335D340B1B0
                                                                                                                                                                                                                                                                                            SHA-256:858AEA90208A0A85ABC95879862AAADE00DBD9554657985D4A87BC7AFFB750A4
                                                                                                                                                                                                                                                                                            SHA-512:80248B7D9EB5E2E63F726761317AB08238C39780D3FE0ED0C5E10E3527B908AB5B0B6023462DA68A1FB761AE3190AB7DC9F1019415805949DF72E8F2F1D8037F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):530432
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6404646106872995
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:ZGPp4WLdmh9bOTW6BegnZov11FFHYWZT2g8CS/iU4/+kwltm+tH:ZCpHxW9bOTW6pfWZ/0Q+kwltH
                                                                                                                                                                                                                                                                                            MD5:B3AF783FB0735F9DF94CC02FF30A4826
                                                                                                                                                                                                                                                                                            SHA1:5FB41279B36DA16F93E11AECE1C62AE6C4A7C920
                                                                                                                                                                                                                                                                                            SHA-256:66DE33BDCE92A421C9B5D957D68E32648AFA8846F6CAB0D8CB7155D585B51217
                                                                                                                                                                                                                                                                                            SHA-512:897B433CB2E750998217E4C26AF1F811F41C6CBFECC1F6B2F01C747FF640C48B92AC3C9BA855716A6692648303D92176A38FFB5E168FBDACE8D71350061DCFA5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2850816
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.517854848526215
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2849280
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.644869245139304
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):127488
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.663554668491881
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2849280
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.644867523632735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2457600
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.4665029094334106
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):142336
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.178830046845713
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):94640
Entropy (8bit):6.423065206229182
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4837888
Entropy (8bit):6.622241141969028
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4837888
Entropy (8bit):6.622243615784726
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1880064
Entropy (8bit):6.694767857957415
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):330248
Entropy (8bit):6.7899102550791
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):649008
Entropy (8bit):6.592395353162998
Encrypted:false
Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4634624
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.427376701369603
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:nJCkGlWWi4VbnLhzQeDFoDGSNI5Oz9S8fm1ENbDqTXSWJl4Jv3:KVfhBDFoDWILm1ENHqdJ+3
                                                                                                                                                                                                                                                                                            MD5:DED563BC2ED0B6C20752C18A9B030CA4
                                                                                                                                                                                                                                                                                            SHA1:26536E72429042228EB9CAE1E6830A3B081F1D8E
                                                                                                                                                                                                                                                                                            SHA-256:98C8D4A4E3A332B952867FD36F08E8A3D7453FD78823D17A01720F2289BDAE75
                                                                                                                                                                                                                                                                                            SHA-512:0F875B02A686682C2F1FA8A2B76427B5A37AE2E6D04D64BAFDC57A86A3341A20C445D85270D24DFD05F702BBFCC10554ABC971A7AD87B901FC267B74BCAA0EF7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PEM certificate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5262
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.05232077920498
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:LrdBs5tNThpCwTWYOHS2zkoGwhav1x6s7xPe47Oq1JmIyztq43ZEDRS4bcrkpk7:Hg5tNTDCdRoothav1xd7Be6Ositq43yY
                                                                                                                                                                                                                                                                                            MD5:A8B2B3D6C831F120CE624CFF48156558
                                                                                                                                                                                                                                                                                            SHA1:202DB3BD86F48C2A8779D079716B8CC5363EDECE
                                                                                                                                                                                                                                                                                            SHA-256:33FE8889070B91C3C2E234DB8494FCC174ECC69CFFF3D0BC4F6A59B39C500484
                                                                                                                                                                                                                                                                                            SHA-512:3B1FC8910B462EA2E3080418428795CA63075163E1E42A7136FA688AA2E130F5D3088AB27D18395C8C0A4D76BDC5ED95356255B8C29D49116E4743D269C97BF9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2506752
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.478542536370071
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:xwr26Mv1UFjiZhHVtZ7gwrkTrHCONt6ITUJX15cf3NN8ocrr1kHWZ3Th:urB41UFjUHVtZDkTrHFtNTUJl5cf3NNE
                                                                                                                                                                                                                                                                                            MD5:C62079067CE35A1C35C83DDB0934FF70
                                                                                                                                                                                                                                                                                            SHA1:5CAE95484555BBFBACE21BABEF6FC2DBB64D5806
                                                                                                                                                                                                                                                                                            SHA-256:E1E104F829417F29CFA1A03FE3E6EA34BEAAAF5C70728BE75309E563310A224E
                                                                                                                                                                                                                                                                                            SHA-512:60ADF1B21585AE856450D487BE553CB782A3CE96521CBD9499310F0F6ADC0C274B261F8BAF651B3446E91C800B9AC9EA907ABFC0A8E833CBAE0440F0FF2F6B3A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):984584
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.654713325570367
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:gD2kCn6swdgSq3nUm08oS2R58vpo8Gp7EPVHHG0wIRCpDHFS:kvBgSq3nUD/R58vpofp4PVHHG07RgA
                                                                                                                                                                                                                                                                                            MD5:8A17CA74AFC4FFF3A0AC2262DDD260A1
                                                                                                                                                                                                                                                                                            SHA1:AC598B0297BF3CDF231D67A47BE942DA5173093B
                                                                                                                                                                                                                                                                                            SHA-256:6EFCE3CC622589CE8A7B65C700692FB8EF9B97D50CDC828F0FC7E872C52CEBA9
                                                                                                                                                                                                                                                                                            SHA-512:A8608961EF6936CD2EBAA6026B4074066A06F1CE90806C648B31E38E979F7BEB0F93A6E7BE33365A595D7DF6236E454241424DBC95EAC50867F2C78F89620BE5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):552448
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.864864930937737
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:Oz7o9NZu0vRWNu+77f8m8end5Xy+1kvI8k9W91iVXuXskIhLfhJ:Oz7o9WuMh8edk+1kv5K+WhLfhJ
                                                                                                                                                                                                                                                                                            MD5:17A84222FA328438F744695325E7BBD7
                                                                                                                                                                                                                                                                                            SHA1:AFB21401EF501060E437AEADE9869E1F33CD6686
                                                                                                                                                                                                                                                                                            SHA-256:15342AB48A89743358F18E5513D1D5EA5F24732DF650FD4730C1EE8146B12266
                                                                                                                                                                                                                                                                                            SHA-512:5E4D12BF380816D8EF6E64A8DB2BB546B217B03AC4D2B2A36FA0F9D0379ECD59434C860F5E0ED795403428A9829EED885469FD550065236D6830E307BACCD5EC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2784768
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.5138344706678595
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:Lj154ogcYNPaeaAa/ZQg34QdVOoTqw77HJtsSPiRQYwksiCRy1kHWPKdkfJ:LZ54og5PZUS6rdVOoWw77HPhPiRQYwkN
                                                                                                                                                                                                                                                                                            MD5:808EAB8B309CD0931F7D45207CF7A29D
                                                                                                                                                                                                                                                                                            SHA1:5E86396BF56D35D05A6D63A7BDE8134384D0543D
                                                                                                                                                                                                                                                                                            SHA-256:6A10AAAFFC3E824B8A738D2293FBF225A48C22DC0D3FDBF02BCA572507788D36
                                                                                                                                                                                                                                                                                            SHA-512:81652BAF9EE20A75887893F3F4C50A52D18316FF485D613C94E7562B9E050D03E1210C43DB009C03E3C48FC2560AFCB9BD1964F1262C6097EA2C7B9A1CECB791
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):171008
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.580646075446536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:F4+TOePkxHM2yORUfHtuwKdpZGWwUIDOGHFACI1h4kVn0s6c:oms9RUAPZZyDDHG0sR
                                                                                                                                                                                                                                                                                            MD5:E30D3FEE469C4DF2C5B9FD3D463F38B1
                                                                                                                                                                                                                                                                                            SHA1:A9F699F9D987C86AABC0047A5689E4DF4D9E7B8D
                                                                                                                                                                                                                                                                                            SHA-256:271A2B42440235B2499C8390BC662142605AB3D0308CF272D6E50210D824D2C7
                                                                                                                                                                                                                                                                                            SHA-512:53642E1A8B3CEB29A1E7392496B6C2BA685D9E081792E27318A20A2D4AEDF43DDF088C61901F439604FBD2B136BE81D529F39066F3E77421BDC959415E2E026A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):202752
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.623555238792369
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:P6OHEnj9SRgJFxsPgRzb3BySgPPRBkVe3Tte2ioexyhEEGQLj8v0FUW6iq:P6OknxSRfyRNGZBkVJREGQXU0FUmq
                                                                                                                                                                                                                                                                                            MD5:18E009469BA2B2F4F99C31752B8308A4
                                                                                                                                                                                                                                                                                            SHA1:F1925EBC79131DFE0BB98C7920154E5B2DE3F113
                                                                                                                                                                                                                                                                                            SHA-256:52E18E3BA869A280CB4EB9140840CE817BF6653E5E53093B7817CF7F3069F570
                                                                                                                                                                                                                                                                                            SHA-512:71D32B6E585E0982096CF8E618E1AE41B90F8D8594FBBD811664D6C4C47F78A2694CFDBA586D317F05A92DDF3EA517830CE4E1FC442E85FBB5399769DD8B2208
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):333320
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.909775605022876
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:2lc/Jz+v9TViX69NAqxVKhFcuUa/w28bgSl1FcXirkmMDt:wcU9oe61hFPqgSzrkmMDt
                                                                                                                                                                                                                                                                                            MD5:562D29B934BFB893AF36F03CBA478AE3
                                                                                                                                                                                                                                                                                            SHA1:5AA2D1A95EE82DADB2EE604E503CEAF3FBFDDD6F
                                                                                                                                                                                                                                                                                            SHA-256:ADEDDB37D54E44F84BE0F3824A5C2E98EDF831D6E16836C4CDF34FC47DA4BBF3
                                                                                                                                                                                                                                                                                            SHA-512:0E85A3BC34D44815442DAAECF910AE02216B28891D785C2C85072FB2824E0AC4056A658C76522C4659F5275F975F291C8BC9217856F52EF1DB6778069FCF8A20
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):337416
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.910033827099534
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:jlsrxoLbx49G3x2MB7oUR71gg/wl12GSHU2eQHx+0lnPmDfYfG:B0dwUQNTW12GoU2eQR+SPmbkG
                                                                                                                                                                                                                                                                                            MD5:7A90EC5109E67E431CAF2FD55D41F82F
                                                                                                                                                                                                                                                                                            SHA1:412F6A3E795502CD39F76FD51B138E06A081F146
                                                                                                                                                                                                                                                                                            SHA-256:2FA77B33CCCE1B5412A9866ACB63B050F6F94485EF8AEC378BC82D02929A1001
                                                                                                                                                                                                                                                                                            SHA-512:ACDBE23B0FA784EA5433A223AEA32CF1C86436F7C9F4E715A10B6A891B4D6B8CEAA943C26444B5813AFDB6C9C4DE6F43B81A632D74920373C0D802613DFD2ED0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2576896
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.444041526880953
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:VT+Rb0AWHTXffY4e4/MVYt4QoJEWbqnTM0ozzWQvaV9Z6VnUZp4U4bJnurZBW:Yb0AWzvfAuMVYt4FJEWbqTM0ozzzvaVC
                                                                                                                                                                                                                                                                                            MD5:AFE180F49F1691407D4208B63B527DB2
                                                                                                                                                                                                                                                                                            SHA1:7518C893E733519E2494CB699BE3A92758DD784F
                                                                                                                                                                                                                                                                                            SHA-256:A2B663E724C5C7F511B948B135890E36974E996AF7BA6F5E65D3AFB38B95341D
                                                                                                                                                                                                                                                                                            SHA-512:541C889A1DEA3EFF859A4D2F8B9F6FE7B43B469A5CAE79B6EFDB38757BA38964990566A63A300E784B228A6B41E0EF439E445DA9D4B2C349D7D1B7BEA95C85AD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):300032
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.691028232350373
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:hV3f+nBZmJ3IOuGCnvi9MCd5upCERqwBpygW5wu:hZf+nBZi3IsupCEcwnhW5wu
                                                                                                                                                                                                                                                                                            MD5:C8217F1726F8776EF11ECFFD1944194A
                                                                                                                                                                                                                                                                                            SHA1:550D485C8B2167C1788E2760A455808E1DF03624
                                                                                                                                                                                                                                                                                            SHA-256:8577470659E69EAABFE49BD982FD2FB298E5762C768DD7100D7FDB0C131953DE
                                                                                                                                                                                                                                                                                            SHA-512:F7DFEADC2A8D4DC036D23A0405B8A5C55DD3DF714C8B3C2DEC672072B9150788A751EE49FCB0973BE1F34EAE100A230BD4A871324F6EDC7EFC7B0D088E4F7D53
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):115208
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.877996118531337
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Ojw9KC9FNiaL9tfuTjyUDJ90sFAmUPDo0hbn+F2LyvwFOs/cYb:b9KC9FNbwl9+D7o+XmIFOh4
                                                                                                                                                                                                                                                                                            MD5:6B82A354476FA7C56175EE060F08E2C9
                                                                                                                                                                                                                                                                                            SHA1:D77566D72C6F1C796C2E8087A9BD04920455B138
                                                                                                                                                                                                                                                                                            SHA-256:754C8D6C7C91B7620A7EE34665C28F0BE67686591E5B49A7E9B8C33BAEF6C37E
                                                                                                                                                                                                                                                                                            SHA-512:E5241DCF50B4D6003FCF1FE14F8693CDE525CDF020E7CF7557B76AC954102722C7721BDE48DAE08A4524A12E611AF950588ADBEEBC95158901BCA6238CE2FA51
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):733704
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.921389042280339
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:SEjmVTsQGgZp4zjWURE9b9Sh73+axBJIsPqTVzVpW6jg6sQNGh+rIY2eV0Vt3Cz8:SEjmpsdgZwjWUREN9o91kV5pWmNGhM/q
                                                                                                                                                                                                                                                                                            MD5:C0B530DCB39BFFA1B2A64DCB9DCE67CC
                                                                                                                                                                                                                                                                                            SHA1:FC80610E9876B750B5C71CDBA679610320C3DF49
                                                                                                                                                                                                                                                                                            SHA-256:A4103499C3584F3D2274E8D81B1355312D7CCF2CA794C746915ADA79C12F0D7D
                                                                                                                                                                                                                                                                                            SHA-512:1326AD4B4EE3920E21449A0367E5912605AEAAF5C692A9042FEEBD2E4B789408DE605A7154D2DCD8A038358A98457312403C7AD550B3CDA64ED9D3E81E23459C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3835
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.764498295481361
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:y7IqsbCST8eInWhT2YB9tds0xNqu72V3VcaM/g7QSEvqcAzOt6zS:y7IuxeeS9VjiMl6e
                                                                                                                                                                                                                                                                                            MD5:D949C968DFD291B7D69CD9A65A1CBC8A
                                                                                                                                                                                                                                                                                            SHA1:9FD25344A4E35BE5F6FCC3CBD346D9230820016F
                                                                                                                                                                                                                                                                                            SHA-256:D166064C6FFADBD505076B633E10D5536739C3E68E4B48F6A396FD8299666E56
                                                                                                                                                                                                                                                                                            SHA-512:68C26A66AEE424CFEAF9A5BADFA2592DA91C5B1BE65B69C60879255936413215BDA05D5633F69C7AAD2688A53A586BB54E3AC722E2DCE3BFAC034C4C1C4594B4
                                                                                                                                                                                                                                                                                            Malicious:false
Preview: svchost.exe csrss.exe SearchFilterHost.exe SearchProtocolHost.exe conhost.exe winlogon.exe SRServer.exe SRService.exe lsass.exe services.exe smss.exe wininit.exe lsm.exe SSUService.exe spoolsv.exe SRFeature.exe SearchIndexer.exe WmiPrvSE.exe mDNSResponder.exe AppleMobileDeviceService.exe nvvsvc.exe DataProxy.exe iPodService.exe audiodg.exe cmd.exe spupnp.exe WLIDSVC.EXE WLIDSVCM.EXE dllhost.exe taskeng.exe armsvc.exe rundll32.exe atieclxx.exe atiesrxx.exe ctfmon.exe SeaPort.exe nvxdsync.exe MsMpEng.exe nvSCPAPISvr.exe wlanext.exe LMS.exe ccsvchst.exe UNS.exe mscorsvw.exe msiexec.exe iTunesHelper.exe LSSrvc.exe btwdins.exe LogonUI.exe TrustedInstaller.exe avgwdsvc.exe jusched.exe unsecapp.exe IAStorDataMgrSvc.exe PnkBstrA.exe AVGIDSAgent.exe GoogleUpdate.exe AvastSvc.exe RTHDCPL.exe sqlwriter.exe IAANTmon.exe avgcsrva.exe mdm.exe igfxsrvc.exe Ati2evxx.exe ZhuDongFangYu.exe VSSVC.exe wisptis.exe hpqWmiEx.exe avgcsrvx
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):326664
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.273611352763876
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:gpWGtJblMMuWntMAHeVQHe3lPpAyQ4L/8mJEDJnMihRD+ae7/lXCU:tGtJblMMuWntyxOyQ4LkIyxypCU
                                                                                                                                                                                                                                                                                            MD5:D2A501F07C9F9373F11CC89FB2D49D8C
                                                                                                                                                                                                                                                                                            SHA1:37EAADAF61D2CBE697F1C454640F9E04F4CD2D16
                                                                                                                                                                                                                                                                                            SHA-256:A25A7C80A4BD007248306E02FBC10436885C64CC70A40433143BC82C641D3480
                                                                                                                                                                                                                                                                                            SHA-512:B20727B34287D5877D94963B08F520E586C2A66A39631C768CF2F6ACA31959DFB2711C8043E71DA4FA8A00DF039E886D30B0D7DC2E85FEFC68E99761F3945B54
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):263688
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.578168733069161
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:rP7UBxcJ1Puvfk+GTVGUtO9EU5dem+b0sInsLwcQRelNXkd6X0ThhYibRYI:DhmE+YQY4/eHw5ew8N0A2Xbh
                                                                                                                                                                                                                                                                                            MD5:F276DD195D935138FA1EDA9C522CD62C
                                                                                                                                                                                                                                                                                            SHA1:67508C991FAE8F6A503B7997D96CE4BB7AF559CA
                                                                                                                                                                                                                                                                                            SHA-256:3E4FF68E9E2E312A9DDCD249F9BC2782103452E64CF6DF2914EF989006DD6EFA
                                                                                                                                                                                                                                                                                            SHA-512:F3E2C301A7091D04F0D17BCDDC2BB0057366FE7089564966FE2EFD56ABD381190B01672DB6E6C7330E553382D38D7FEFDB644F1DF9F28B85714F52F695D812AE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4448
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.463053305093135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:NZ9Y9R9iY+Al8/ky6V9R9iYsrAl8/k5v+sv:0bMAl8j6vbirAl8mv+y
                                                                                                                                                                                                                                                                                            MD5:20D8473FB148C4ADA5878B313BC776AF
                                                                                                                                                                                                                                                                                            SHA1:1C88D93AED07AF5753D5CADE1BBA2EC1A69C81A8
                                                                                                                                                                                                                                                                                            SHA-256:FAFFFA0C014BF46A71E323FC4275A5A9004FF90B474B1B7A30D5728FA81D3568
                                                                                                                                                                                                                                                                                            SHA-512:5E6AD6B5F040C927685FB4BF4A83149DCDDB22F8A1BD5ECFF5B6E69ECAB80FA7DDAACFA4FA7EB35D9723F4CF364B96D61482FA805F5B6595AEDF064C3C099C2B
                                                                                                                                                                                                                                                                                            Malicious:false
Preview: <?xml version="1.0" encoding="UTF-16"?> <instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events" xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <instrumentation> <events> <provider symbol="Provider_SplashtopStreamer_Status" name="Splashtop-Splashtop Streamer-Status" message="$(string.Provider.SplashtopStreamer_Status)" guid="{66
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):28160
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7217591844595956
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:/xr44ok0H+Re/1EPaTHV8GzXlGmYOom+rt12xROVSjfCKm/kIKz0+rIOsJ:/24ok0H+Re/1EPaiI1Y4O6Sv+q
                                                                                                                                                                                                                                                                                            MD5:29F288F751FBCEA5CD75EA9774882787
                                                                                                                                                                                                                                                                                            SHA1:5A4C30382C63E29E848B681D39CC213C2198E12E
                                                                                                                                                                                                                                                                                            SHA-256:711702EB24803788CE601996F90B7EF57EEF1F764F7AAF3A96E2196ED4A9533E
                                                                                                                                                                                                                                                                                            SHA-512:B7FC0A739B33E79232EF506393CF90297F4D41F165F34B5BE50648D8A1967419E1F0EE369E809D5C142898824E8B5A3784106D33A2D1D72CD811D5352F4BBD60
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):28160
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7214568392805565
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:xXxr44ok0H+Re/1EPaTHV8GzXlGmYOom+rt12xROVSjfCKm/kIKz0+rIOsJ:xX24ok0H+Re/1EPaiI1Y4O6Sv+q
                                                                                                                                                                                                                                                                                            MD5:BE32CA6CD3810D278DC07C2D67FA5A44
                                                                                                                                                                                                                                                                                            SHA1:63C47D24563F3E19BADE1482BA91D57542736C6C
                                                                                                                                                                                                                                                                                            SHA-256:2F28F5D4952FD4430568AFCCE023C4885B47BF7C705950B252555C7D92EEFB72
                                                                                                                                                                                                                                                                                            SHA-512:C21FF9E2116F0C469642C47B85E6D36970344F6C929B018DB6BED88FEFB54AA9C82EDDA1F9123F1B493E9046DE2B46C44C62900967752110EA056B54CEB56E85
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1458184
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.608368260050606
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:3u1d1TlM6S5+KpPH2+68gJ4dxM3GsFa8cihBUbo0h3yT26:3ub1T2B/+J4jMWsFa8cJbo0h3x6
                                                                                                                                                                                                                                                                                            MD5:86FB762B6F48E0F579D8E1C20D829E5C
                                                                                                                                                                                                                                                                                            SHA1:35643C93BAF6F1A0DC2607C2F65D339DD149FE71
                                                                                                                                                                                                                                                                                            SHA-256:1837087E75DE428C18ACEC7F2EF7576752396A3A1EF15450230734E9EE194B28
                                                                                                                                                                                                                                                                                            SHA-512:A0A53F0C256DD1ED0FA512E11A4AB936BD829B22E37C422194144CF022192B2C7157A4220BAD2ABF45CA6FF44FA3E954BE57147E57CB869D1E53399F5895FB13
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1721576
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.978334410477683
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF
                                                                                                                                                                                                                                                                                            MD5:4DA5DA193E0E4F86F6F8FD43EF25329A
                                                                                                                                                                                                                                                                                            SHA1:68A44D37FF535A2C454F2440E1429833A1C6D810
                                                                                                                                                                                                                                                                                            SHA-256:18487B4FF94EDCCC98ED59D9FCA662D4A1331C5F1E14DF8DB3093256DD9F1C3E
                                                                                                                                                                                                                                                                                            SHA-512:B3D73ED5E45D6F2908B2F3086390DD28C1631E298756CEE9BDF26B185F0B77D1B8C03AD55E0495DBA982C5BED4A03337B130C76F7112F3E19821127D2CF36853
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15072
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.857603927715577
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:yJaZmN9l0HNbsphoCqpQATeZjMcnYe+PjPGr9ZCApkT1rrZgjlerpLF+vctrie:kaZM0HlGOpQMejxnYPL/p1P6jeL3b
                                                                                                                                                                                                                                                                                            MD5:3CDAE3B3A3AE968DB4756613EEFF3680
                                                                                                                                                                                                                                                                                            SHA1:FF474C2D8A83BD5AF0A6B6CA954004D86BCF6FCA
                                                                                                                                                                                                                                                                                            SHA-256:8DC9051BC452639550EC4F956F1DBBAC2D2A1886868C17743A3E4BE22297E166
                                                                                                                                                                                                                                                                                            SHA-512:50E01496A3F891AC4BB455092427A4549406EAED44A292D415B8B42DF5FF72D1352EA6FCC66B2A11151AB9AE6590158753CC28E78F2DAC7FEBD5F6B8B4908126
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):21216
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.105547248727277
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Zfhpq1BKeL/JQyyo0Y0HgWjkRtPzjn4nYPL/p1P6jeL3fq4:hhpq1BK8/JMYChMxXn4umiP
                                                                                                                                                                                                                                                                                            MD5:A10A6FC3F643F82777345ADDC182799A
                                                                                                                                                                                                                                                                                            SHA1:015BDFF614CD475C119C9CDC25950E8226930584
                                                                                                                                                                                                                                                                                            SHA-256:8D09A7643A0095A0077710423E7D8D7134F9197B6F73DA427333790BA3774A61
                                                                                                                                                                                                                                                                                            SHA-512:5D2D6FDCCB9A99F95467E734AC83C77162D5D4509248A4BFDCE493BDD9D140220416095E0F75DDAB50071850FC0892CED2835336D1C42F4A3AC87F0D66C41ED8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1461992
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.976326629681077
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:GjG90oN2lj11mk/22yYzGrarZRm4X5Uh6rVh5LdfBwOyCSQM1fFhSWRA2+:iGtN2h1120R7m4XShYVxfBwrC21fXSz
                                                                                                                                                                                                                                                                                            MD5:A9970042BE512C7981B36E689C5F3F9F
                                                                                                                                                                                                                                                                                            SHA1:B0BA0DE22ADE0EE5324EAA82E179F41D2C67B63E
                                                                                                                                                                                                                                                                                            SHA-256:7A6BF1F950684381205C717A51AF2D9C81B203CB1F3DB0006A4602E2DF675C77
                                                                                                                                                                                                                                                                                            SHA-512:8377049F0AAEF7FFCB86D40E22CE8AA16E24CAD78DA1FB9B24EDFBC7561E3D4FD220D19414FA06964692C54E5CBC47EC87B1F3E2E63440C6986CB985A65CE27D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13024
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.821753253165571
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:hjJQAzeZjMpnYe+PjPGr9ZCApkT1rrZgjlerpLF+vctrMYPT:RJQUejknYPL/p1P6jeL32Y7
                                                                                                                                                                                                                                                                                            MD5:C57099F9A63D144A9CDC103D2C42A6AC
                                                                                                                                                                                                                                                                                            SHA1:F2AA1DBAC145BDA82DEDB69CA969EF4D0831C3DD
                                                                                                                                                                                                                                                                                            SHA-256:D8390287A8865769BB50B0B83E7E7FC56B055BFC48D3513146CDB8D3954338BE
                                                                                                                                                                                                                                                                                            SHA-512:18AB1AB0D233AEAAB786A28AEF766AAD9C683859628AEE94527C426DE7F63171345CAB4ECF96C54F19C93DF5E637A4D845C2487049DE161E19229F6253C775E4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):224
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.711399671949434
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajs/dCiIc+JIIbdCiIevKIIlfRcGIIbdELVKT7:kidCicjdCiMt/jdx7
                                                                                                                                                                                                                                                                                            MD5:001B12FA9D827E2A53675F4FFC5D68D8
                                                                                                                                                                                                                                                                                            SHA1:0D1221A35F3FEF1B8B0B38E835BFB8F35357D3AB
                                                                                                                                                                                                                                                                                            SHA-256:2C6E538B58C32DFFC7E3ED85175A2F5D08C5AA3FA68EE05207DB6A015D778DD1
                                                                                                                                                                                                                                                                                            SHA-512:E85BAD69B1F36D36B96A03713B885FDDC485E7DA5A5FA4B07F5AFD7264BC9989F4AEA14822588F3921EFF4C6C5E7D2737CD382866A089DA8F4A19CAF69BC3FF3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..utils\devcon.exe /r remove @HID\sthid* >> inst.log..utils\devcon.exe /r remove HID\sthid >> inst.log..utils\DIFxCmd.exe /u sthid.inf >> inst.log..utils\devcon.exe install sthid.inf HID\sthid >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):232
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.799817305367961
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/Ajs/dRLPIc+JIIbdRLPIevKIIlBRcGIIbdRL6VKT7:kiddcjddMr/jdD7
                                                                                                                                                                                                                                                                                            MD5:4D969376976863ABA27CCF817EB97219
                                                                                                                                                                                                                                                                                            SHA1:F65EA3234AFC4741F48AF51EE83280520969BF5A
                                                                                                                                                                                                                                                                                            SHA-256:C62D9158C0807D0EE3225E13BAD307199AF61DF1659ADCA91E1361865C325EEE
                                                                                                                                                                                                                                                                                            SHA-512:88F38ED5AD7FECDE209782D1111C142BE63AE54D73A71E737BEBC0FB1498D7988AC9EC0173DEF5F6E0A17192A5F802145E69BFDA606B253AFBFE23B5058A7413
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..utils\devcon64.exe /r remove @HID\sthid* >> inst.log..utils\devcon64.exe /r remove HID\sthid >> inst.log..utils\DIFxCmd64.exe /u sthid.inf >> inst.log..utils\devcon64.exe install sthid.inf HID\sthid >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11968
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.0656302139179195
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:5eMsGsZrVjbd/22z0yK2zFWQFyGZh4qnajA3vKkCTglckNVa:HsGsZr5pRpFRj0lo3CXkNk
                                                                                                                                                                                                                                                                                            MD5:50BD9CFE7F724B3001FC833FF3FC284D
                                                                                                                                                                                                                                                                                            SHA1:5A2D4C52C87170AFAE9F3F4DC75A81A046FF3EEB
                                                                                                                                                                                                                                                                                            SHA-256:C7AE67C9A0669F2798ECA4452552F8F4919E2FB6D117ED290AC3F64966ECEEE0
                                                                                                                                                                                                                                                                                            SHA-512:52CC8930BAC7CBE7AF9C2B64D8A3BCF874D76DDFA21691B3B47E4B5BE938BF42D1D0BF0B6BFA3EEEC61D81328B41FB608AC8DA5F278BF06C1AB294B0055FB3FF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4350
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.269640657392187
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:BmLnkrr4fzkQCmlCDHCMmDtu6KgbNHYFMDO:BmLny0fzkklCmBtu4NHBDO
                                                                                                                                                                                                                                                                                            MD5:6580EDB5B8713F3BFD3DF983758A4EA3
                                                                                                                                                                                                                                                                                            SHA1:1E6FC7E435A3C3E20E2CFF5356DED95CF0C7D0EB
                                                                                                                                                                                                                                                                                            SHA-256:815FBD6C3BFAE5EA77ED77480FAAC1AFAE946D4BF109B95480C60030A83AE1B1
                                                                                                                                                                                                                                                                                            SHA-512:EA332A77DBDCC2184B2154EF496DAE4C663075447EC4ACF61E83A5AAACCF702E2F0E0F6D7F91E4499993A9B9D7C3A9A21C495EEAD606E2F5EB5F4DF272A86928
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[Version]..Signature="$CHICAGO$"..Class=HIDClass..ClassGuid={745a17a0-74d3-11d0-b6fe-00a0c90f57da}..Provider=%splashtop%..DriverVer=02/18/2013,1.0.0.5..CatalogFile=sthid.cat....[SourceDisksFiles]..sthid.sys = 99..hidkmdf.sys = 99....[SourceDisksNames]..99 = %DISK_NAME%,,,""....[SourceDisksNames.AMD64]..99 = %DISK_NAME%,,,\64bits....[DestinationDirs]..CopyFunctionDriver = 12 ....[Manufacturer]..%splashtop%=Vendor, NTx86, NTx86.6.1, NTAMD64, NTAMD64.6.1....; For XP and later..[Vendor.NTx86]..%splashtop.DeviceDesc% = sthid.Inst, HID\StHid....[Vendor.NTAMD64]..%splashtop.DeviceDesc% = sthid.Inst, HID\StHid....; For Win7 and later so that we can use inbox HID-KMDF mapper..[Vendor.NTx86.6.1]..%splashtop.DeviceDesc% = sthid.Inst.Win7, HID\StHid....[Vendor.NTAMD64.6.1]..%splashtop.DeviceDesc% = sthid.Inst.Win7, HID\StHid....;===============================================================..; sthid for XP thru Vista..;===========================================================
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18144
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.199619066707982
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:D+CpJmsGTJgbzPvaen0XUqcZzpV1DzjBnYPL/p1P6jeL3CX:B85e4+zpbXBumPX
                                                                                                                                                                                                                                                                                            MD5:5904635A7888083EBB86C3A1218CB59B
                                                                                                                                                                                                                                                                                            SHA1:69540333726CEF1EABD5B75D56822B36F9065840
                                                                                                                                                                                                                                                                                            SHA-256:00648146272AF74EF5B1E74E83F58280FA1CC403621941AB3CB4E731756289F7
                                                                                                                                                                                                                                                                                            SHA-512:56B936EFBD05D0906577754334D9B1A562AE0AD25574E22149C6BD97950FD73809A4EF1542D4D7CAA4E5B81DF53975FDB1D57381232F9B8D17A463F1E1A81859
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):164
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.75247427731045
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..utils\devcon.exe /r remove @HID\sthid* >> inst.log..utils\devcon.exe /r remove HID\sthid >> inst.log..utils\DIFxCmd.exe /u sthid.inf >> inst.log
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):172
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.845091480099467
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:echo off..cd %~dp0..utils\devcon64.exe /r remove @HID\sthid* >> inst.log..utils\devcon64.exe /r remove HID\sthid >> inst.log..utils\DIFxCmd64.exe /u sthid.inf >> inst.log..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows Registry little-endian text (Win2K or above)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):288
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.654691319611147
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:..W.i.n.d.o.w.s. .R.e.g.i.s.t.r.y. .E.d.i.t.o.r. .V.e.r.s.i.o.n. .5...0.0.........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.S.p.l.a.s.h.t.o.p. .I.n.c...\.S.p.l.a.s.h.t.o.p. .R.e.m.o.t.e. .S.e.r.v.e.r.].....".S.t.H.i.d.S.u.p.p.o.r.t.".=.d.w.o.r.d.:.0.0.0.0.0.0.0.0.........
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Windows Registry little-endian text (Win2K or above)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):288
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6709758888329973
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:..W.i.n.d.o.w.s. .R.e.g.i.s.t.r.y. .E.d.i.t.o.r. .V.e.r.s.i.o.n. .5...0.0.........[.H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.O.F.T.W.A.R.E.\.S.p.l.a.s.h.t.o.p. .I.n.c...\.S.p.l.a.s.h.t.o.p. .R.e.m.o.t.e. .S.e.r.v.e.r.].....".S.t.H.i.d.S.u.p.p.o.r.t.".=.d.w.o.r.d.:.0.0.0.0.0.0.0.1.........
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):77824
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                            MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                            SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                            SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                            SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):81920
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                            MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                            SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                            SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                            SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):207872
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.376847606674082
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:8GvbxQUBeKnbJy4G6CPUdoWZ1NXbTtSN4bNzc30ppn:dfnbeedoFibNzc30p9
                                                                                                                                                                                                                                                                                            MD5:CCBDB5B1E7947A65CA0DDA27924E8395
                                                                                                                                                                                                                                                                                            SHA1:49371CEEFE80EE45B57063224322B09E89D01CA9
                                                                                                                                                                                                                                                                                            SHA-256:23F96BA9F7CDB90F250468A56F00C0F947B2BCDFF81C9FBCD0F6E73334CB57B4
                                                                                                                                                                                                                                                                                            SHA-512:39A6FD78227E5FAD6F9D0CD888A4F724F89AA1031BB5D659F7ECA3728741ED8D953770EFC329C589C37B496BFBA301F879396F08C3BBC2A8C549E32DFD22A201
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):198608
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.465406905232138
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:mNvlfI7fn3+ksrtRYs5BZdHEsTznNZQtiF22W9bKReKn:+fMnuhrrYszTjTQtiF22WKl
                                                                                                                                                                                                                                                                                            MD5:B51CB7BD99774F42D4FCD81522E159DA
                                                                                                                                                                                                                                                                                            SHA1:815646C93E09F0DB23951F3D8CD7319240CDBD43
                                                                                                                                                                                                                                                                                            SHA-256:55C8BEEBC29238A691AF1FDF44D922BDAC9B47034956311A9D467374049462C2
                                                                                                                                                                                                                                                                                            SHA-512:3375489BC03A442775FB02C5AB1D264FF2A972A805179B9F860D1FF26F09E529DCF7D03EA18CF3D56FC1DD429423C344CBFC4B89F20158D84896AA257240796A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):561584
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.5335413043485335
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:n+Uac7b2syTCmCZ9z7I6KxOYDkHlTiO+k86hiCivi:+UacGbC7bYgHlTi6eo
                                                                                                                                                                                                                                                                                            MD5:A9A9D31764B50858A01B1FB228406F06
                                                                                                                                                                                                                                                                                            SHA1:7A313C46F049287045992F54F9D6EDA9DB568EF8
                                                                                                                                                                                                                                                                                            SHA-256:C0BABD7670124BB298D3BA6A8EE5AE33AD1030C08A18D8B8861F5D83003EB645
                                                                                                                                                                                                                                                                                            SHA-512:164D5497AA91A5B4742A291F589400BC0B189AF946615A2F04E6CFD1ED598A542F7521E4DD79AAB99414846A3C391255309F911C247EF446A0483D9FAB6EFDFC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11479552
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.348812561638391
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:qCzvqkufAppd1MoJDvZ4drfgYOfn7A26AXEQAAuYvNwRlAFz/O:qCzvqksAppdGoJDadbk/5jugIAFK
                                                                                                                                                                                                                                                                                            MD5:26B3130598BF5849E0800EFEE9EA05AA
                                                                                                                                                                                                                                                                                            SHA1:A6A6CE318FF11E756ECD9855D077F734DF508576
                                                                                                                                                                                                                                                                                            SHA-256:74C5ACB42BDE6DF4A8A48425BCBA8BE002C98E575BFA36251756114CFCF26323
                                                                                                                                                                                                                                                                                            SHA-512:31BFFCF9718E2BEAB0C3542BFF31F2E3AEDAB29E5865946F9623ADDCF3EAD59ED225F326E83219C51EEBEE822B1F21C8EE60407C80C53E5295DEA41A373EE184
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\choco.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1077592
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.435239338734592
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:n7PeeMxAg8KA6EhyC/H488sCGF8MBo9Bi8sROlu4VWKl6sEPdf8/2RYv:cxNEhyC/H488sLqMDIlu4Nl6suK2Re
                                                                                                                                                                                                                                                                                            MD5:EEDA10135EDE6EDB5C85DF3BD878E557
                                                                                                                                                                                                                                                                                            SHA1:8A1059DFD641269945E7A2710B684881BB63E8D2
                                                                                                                                                                                                                                                                                            SHA-256:4B890DE3708716D81C1C719B498734339D417E8FFC4955D81483D1EBC0F84697
                                                                                                                                                                                                                                                                                            SHA-512:A56BFC73537E36EFBA8E09FFD0B2F6BFC56BC4CB4FE90B52858C7AFD5D67DB23CCBA51C8097BEFE4ECB5082BA66C2B2612E2975EF3448252C48B97F41D12D591
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):638
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.242618018191851
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:oOtKAD4cL4jVpfWBzX2TShiucyjmwB//Rmq5FjZijTofkVge1O0lgxErqM6n:ocKVg30ucBwB//Fjc7VgQ6erJ6
                                                                                                                                                                                                                                                                                            MD5:D011ED12A4DC54F39CD759858187A2BB
                                                                                                                                                                                                                                                                                            SHA1:EC4F5ADDF866E895804F165B11A3113BE2BBDF80
                                                                                                                                                                                                                                                                                            SHA-256:149C66BB43535842B1C958BD374C63151A9004F167F84FF4C26D824140D94546
                                                                                                                                                                                                                                                                                            SHA-512:D8C126A9D49CABE4F5A7426E8A28C307175705793A0BA00B389A6CF102E1C5B67EAAD86120D18E4255939BA25A16941509FF200645BEAA5ADDF806AAF78D632D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:config_diagnostics = 1..openssl_conf = openssl_init....[openssl_init]..providers = provider_sect....[provider_sect]..fips = fips_sect..base = base_sect....[fips_sect]..activate = 1..install-version = 1..conditional-errors = 1..security-checks = 1..tls1-prf-ems-check = 0..drbg-no-trunc-md = 0..module-mac = E7:9A:3C:79:A6:26:9B:08:C8:49:E6:39:CF:53:1D:51:80:84:F9:03:51:1E:6F:F7:0D:54:99:06:7E:6F:7A:D9..install-mac = 41:9C:38:C2:8F:59:09:43:2C:AA:2F:58:36:2D:D9:04:F9:6C:56:8B:09:E0:18:3A:2E:D6:CC:69:05:04:E1:11..install-status = INSTALL_SELF_TEST_KATS_RUN....[base_sect]..activate = 1....[algorithm_sect]..default_properties = fips=yes
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):697864
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.894512069336346
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:Oek+rZ1rpE3R12+FB0eieQUAD3+yrjxZq0TjhECtMk7cRewV+KGQabw:Oe7PrpEvnFB0eie/EuyXxZq0T/tDcRhH
                                                                                                                                                                                                                                                                                            MD5:6988F7203F05D378C5891246FD6BDB8A
                                                                                                                                                                                                                                                                                            SHA1:61BF4CC18635D2367079F8D0EFD68D0ADE0649CC
                                                                                                                                                                                                                                                                                            SHA-256:E492BDD2BEA606D5FF645B8E79F294B4811CA987FF9D7B53B49079D305F03AD4
                                                                                                                                                                                                                                                                                            SHA-512:8DB30DF8B64B283D35BB78BF813D6FCE476E8EEDC77FBFB6780D58316AFF8A9C728A4BBE9D593E60913CC14696EDEBA25C0AFEE3338275E4EB62CEDB6235681E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):168
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.40567624896974
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:ekfDaZOtK1FA1Jn4R7mvLvn4RYVXKCw/AFLr+TmNfOmZyJn:xiOtKADn4NmvDn42oCQG3+TJn
                                                                                                                                                                                                                                                                                            MD5:A43B7D72B482D48804B377D8832C2693
                                                                                                                                                                                                                                                                                            SHA1:B1598EFDA8E9863F520ABEF9AAA942C313C002FD
                                                                                                                                                                                                                                                                                            SHA-256:9ACDE3809E2C02FE5D6C59153AEFFFE6628996EC5CFB7C2385865DCD1EC8BE7E
                                                                                                                                                                                                                                                                                            SHA-512:F0777A8F79E70F8A12F531C3E77F5241E9ED46ACC6A1CBF06FF7A29D91EE281E4CD2A9C1832642992FE74D33B052670F85439E5925FDB7C44DE60014E53712DA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:config_diagnostics = 1..openssl_conf = openssl_init....[openssl_init]..providers = provider_sect....[provider_sect]..legacy = legacy_sect....[legacy_sect]..activate = 1
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):160776
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.899895349405453
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:H/sEMdTGyFIYyCYpJLCKbfBzucH7Qt3zgHIlWbKIxUNCWJzQAaDFD:UHUTCwRJbU3zOb7FWJQ1
                                                                                                                                                                                                                                                                                            MD5:9E2B825AE78562717311B9D8B92D764F
                                                                                                                                                                                                                                                                                            SHA1:B878616DF4D36F6694FB9F1826F7D08D01088AE5
                                                                                                                                                                                                                                                                                            SHA-256:A874CA3EC78D406D5C45F9AEEC8A3ACB4E4C9E4677D383F09A2D85CE1B70987D
                                                                                                                                                                                                                                                                                            SHA-512:B8C201ED6B856DB07B031A30E6D28C3A5A62DAF39A75265F8AC0DA58C3DAF8ED7609DF91C7A946118D390468A48C6A0AACA5BB7FF501770AF366CAC7F003C6C2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):106488
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.32061050041943
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:ZdvQnJ9Cy5G4XmkRCXZ5YPPAq4SjIZUKzFrRjbuPp94m:Zdvby0lZ5YPPAq4SjIZUKLjbuPTJ
                                                                                                                                                                                                                                                                                            MD5:4558A2A5E78C67A1604E1B0AE01EE927
                                                                                                                                                                                                                                                                                            SHA1:31FBA3348123004C61FD4B00A47B61B0A2CE336E
                                                                                                                                                                                                                                                                                            SHA-256:0C3C89CE595A59830D4F11E4C9B99F6D0A4A2D7D88406B5B4EF5C3D1F0F80F50
                                                                                                                                                                                                                                                                                            SHA-512:2AB1D6A500B086B9BBC5DA17D48CF9931CB8BE22D206C9F1EB1C18D72DE27D079D8491A76B51F222C44CE87493A5BBFF189E3CB6D66ADDF3064CABB44D28A5B6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1336328
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.871375711510445
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:B/fqcYYzqZYz970TN1T42xGWD9bujQdC5NNQIpL8575+HZ0tuC+:NHRzHuh1cQGWDRu08Q0L8J5+HZ0tuC+
                                                                                                                                                                                                                                                                                            MD5:67998603B05979931B23D16655529E15
                                                                                                                                                                                                                                                                                            SHA1:A7EE73C900A3F6EEDFDEFDBC3A2099D5185BAEE2
                                                                                                                                                                                                                                                                                            SHA-256:6A08DBFBFBBDEFE80D9CFCDF8BC26C9183A4FFEE24EEE0FA62571381AD28E9D4
                                                                                                                                                                                                                                                                                            SHA-512:1BB92EBA016C76CB446FF0152BB13EF6043E05A5E2C14B38080F6CC7DA5CC2E4CC25C88717222917C128DC08F9DA3937E1635FBB21BCC4ABF10B9344CBED2369
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):665096
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7123002524702144
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:Q2faLhcqedTWswfIGeXJlte2MU0hFVX2YNGp:Q2CLWJWLI53JwVX22Gp
                                                                                                                                                                                                                                                                                            MD5:9CC8906D902382CC11C4D4D3BBED8DBD
                                                                                                                                                                                                                                                                                            SHA1:9A73671E7952DE65E8A8CA21ADFABC871E157046
                                                                                                                                                                                                                                                                                            SHA-256:CF199C492F0AA0376BE124E74DB1B6B7D5FCC796F37714B777CBADACF3F07E46
                                                                                                                                                                                                                                                                                            SHA-512:28857B9BE062229C1DAFDE61444FEAF0A63B888D9670BC878B7BF7E2F41B60533AF87863BE0F6A47FE4E950927EBEA18FAFD32C2D2EB73A28CC5BED602F30DA5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):623056
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.452703221703766
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:vcqfl06LEuieb/drb93hVzyp5dl+lyyMKhoRZhD9ZKck9Qh/5Ffdw0CnbHu9gJJt:kqdFzbFrbUp5dl+lyyMKhoRZhD9ZKckB
                                                                                                                                                                                                                                                                                            MD5:B03D660319962C265C8A5E6F89CD019D
                                                                                                                                                                                                                                                                                            SHA1:289BA87563ABA33D9385C04834745AF4F5BE1882
                                                                                                                                                                                                                                                                                            SHA-256:66ECEBD3D11557D42AE33B64E522F371D6D27651B8B7350BEF41F691FAB1465E
                                                                                                                                                                                                                                                                                            SHA-512:F5376FE1195A14DCC4F1265F61088EF0452C72DCF17F0B7AA4ED4DB903347C60C9557E556DEAF0244DB0A5F3EA8B7065D7D66BD1638D1EC566EE26110854D5E1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):342024
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.895641722792913
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:1Y2e1wyPJHcHPL4W84QDcsKzJEraJJZ90eGBSemTEMNFrUCoSbL:LaJS0W84QopzJE2JJseGBugMNFhbL
                                                                                                                                                                                                                                                                                            MD5:523BA7EBE060B6961722FF97089695B7
                                                                                                                                                                                                                                                                                            SHA1:EFC5C558A78CD5DB8F3F0DC510FCFF8EE4876E77
                                                                                                                                                                                                                                                                                            SHA-256:EA3795FB2D4CFE2FE70F616E3C5D9BD73DADEA39F8CC3A4BF81389F73352097A
                                                                                                                                                                                                                                                                                            SHA-512:A2265D470FCBCC7E0E8AE88B44969768FF1216F76177EE4B9531FB09C980D9D4B1331D41E184BA1F0E66356B5530E7946F614CA7FCEB449B6C1228BC2233755D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1080320
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.546149985066345
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:R99IeBE76bZaCUrF0XbuqIpInZVrUCzfk44da:R9S+EAZeY/UfY
                                                                                                                                                                                                                                                                                            MD5:C80A325F7388EFB5C007641FAFE43493
                                                                                                                                                                                                                                                                                            SHA1:52AF0AD0FB1677111560CF50C9EBE165F9068725
                                                                                                                                                                                                                                                                                            SHA-256:8F263D073F936A739E281E4911E6C00A277D3842922BBC9B89B9E704F8F07134
                                                                                                                                                                                                                                                                                            SHA-512:52F22F46222FC29DCDA77B5A92B3C9D6E2C6C7B227680AC26AD061145CD4DCF6C270DB97D9ECEBC44C0688D04AFF1D208614311E6EFE4CD693E8FB0A49E0A3D9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6325248
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.475990153547327
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:196608:4oJSjniNR1rcfIo1zBF7QmQVmdYdlkSIIAx:4n41ruBFVImdYI/x
                                                                                                                                                                                                                                                                                            MD5:49848ED1CF20A82E04A94E41939A4907
                                                                                                                                                                                                                                                                                            SHA1:06867FEBC490F07CCF586A93422C069B64E6304F
                                                                                                                                                                                                                                                                                            SHA-256:8A4AC4A96F5EAA5FA8F6C30A935F0F75DC11FBFE9F5913BD56D0F8A5E58FE8AA
                                                                                                                                                                                                                                                                                            SHA-512:265233A26C53DF0AD910A0F1D8B8EA216C80F1D28E10D8C90470DC38BAB2FA07D9323E6F83D66639D26A53B158544085D342F62A505FBC35D3B9DF34349D6A3B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1998848
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.6277741075999534
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:mzbyvEDeOGgFdzSL1XZzTPB7RUiF70dkx1vIJHkRm7zpenC8dEo:mzzKOGgFdzU1XZ/PB7R/FYd01gJHkRmy
                                                                                                                                                                                                                                                                                            MD5:2FFABD4FA9D91C297A65429E57985064
                                                                                                                                                                                                                                                                                            SHA1:4DE465EC6E6C335B24F78E9FBB85A9DC365B97F8
                                                                                                                                                                                                                                                                                            SHA-256:175C44864BE07F16ABCF6479077C2F9182A3AFB1AE3AE0BA86D844BCDE656E56
                                                                                                                                                                                                                                                                                            SHA-512:DB0711CE697471441950217BD4E80569E9AC1DF138EF6F30EBB5FAF186A49CCFD3AEB52787244D0BB7D823A7D47785504D5FE50B442757E2AA8C21CCA69CD07E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1978368
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.631112374121439
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:+c2Fx/aFTOS6Dj1Rie536qegE6TB5CoBUAEf7lgNP0dvRn:+c2XyFTOS6n1Rie53begNTBsgZEDlgNC
                                                                                                                                                                                                                                                                                            MD5:E83D01873E09A4CBD135220375628763
                                                                                                                                                                                                                                                                                            SHA1:2F8198AA78D60957A65AFFC21E97335C99FF1EAF
                                                                                                                                                                                                                                                                                            SHA-256:99E17C3F9849BCA988502947528A02C9CE332CBE4907A1337FD945E7C3555ED9
                                                                                                                                                                                                                                                                                            SHA-512:77B8C46E2154C9AD06833B15FCC09DCF37F1B6CC72482AC528CCC1E62A489A6657BA8021E0B0929A5026835817F4DF6462413BC67251553C3D3A38789695DAF0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2101248
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.629891295983128
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:YEukr6uhGu3XVe/HS/ZD7dYq5z1OyNc5k37AEs2kp6gmNgT2:brJ0u3XVevS/ZD6q5xZNYk37AEs2kp6v
                                                                                                                                                                                                                                                                                            MD5:EC11729881E3140C2A51A6404838ECF9
                                                                                                                                                                                                                                                                                            SHA1:7452B763108963B88E8D17A3DAC7B904B9CDB86C
                                                                                                                                                                                                                                                                                            SHA-256:81ECBF82A43C62AA78411DA5491EF90C48F0173E07445E6D1241AE8322B7FADC
                                                                                                                                                                                                                                                                                            SHA-512:F634BC2CD482FD9ED4DB1032B7C92C39BB8FC18AE02C372A691CF307685C7D95AAFE0C4919A94A578D3879FE92587FC5D88801126FA10E79AAAC62B1EAB62AA2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2344960
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.694128788540869
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:F5JFzQ3fS1ZcZ6+8Cz7UdCvAsOc0HFcLytHDUsZuh7V4it1UtnN5OTxNRx5:F5JmvS1ZcfvAnc0HqytjtZuhKit1UtnU
                                                                                                                                                                                                                                                                                            MD5:B7499B1FC52F1D22BA3541E35A44547A
                                                                                                                                                                                                                                                                                            SHA1:122DB53A12E91979BD0F830D6436D57F61FE1C6F
                                                                                                                                                                                                                                                                                            SHA-256:93CC8CBEBB842120C5FE87A23A23DFB15DC6DBC7BDBB3FE4B40E120E39409192
                                                                                                                                                                                                                                                                                            SHA-512:EDBD7BBDABFA16FAC091DF5B21298BAF3CD3F35BD9F0382076E85BBA5178932EB9A108481F0399F867D10BF185A11320651D4A8C5FD1DE2531DB9AD93F09C8D5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):118272
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.589484950313795
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:9DMkwASAlBbybU8rxkQz/g9pV9Z2dcvxp267OKiY+dp9oLC768hO:9oASAv9FYUp3OKiY+n9oLC0
                                                                                                                                                                                                                                                                                            MD5:99AEA1DEDDB58D86D015A8A9DC4182DC
                                                                                                                                                                                                                                                                                            SHA1:9D228B01E59C232242544CEFE1E775C772D20AC2
                                                                                                                                                                                                                                                                                            SHA-256:DF4B14AFC2C8C7A514F1A8FCE9546C95060565601DC04569377CBA6B878F833C
                                                                                                                                                                                                                                                                                            SHA-512:8D379F7B74C10ADD3F98E4FA9DF72D28A8A46402FFDE8CA95FE3424B305B8D73204B0225C5110A521F68400A87ADEFA1CFD4EC67D0B10D1C6965B5CFD8C7927F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3221
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.297235243948338
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:3UoGnVsAdB/+8W3/VcCDO/wAKCRIpCBIweFC4+C/+CYFc:3UoGnVldBWtejp6tL
                                                                                                                                                                                                                                                                                            MD5:ABE8E3568B6D951E7DD395DA46531932
                                                                                                                                                                                                                                                                                            SHA1:304D81C1B48E16533EF691A9C965818136B9583C
                                                                                                                                                                                                                                                                                            SHA-256:EB700422C31C15757A6C70141274A184D291AAC3BDE191A964F75A90BC084143
                                                                                                                                                                                                                                                                                            SHA-512:19A79D90883103302BDDBAC8A765C6A5196FB78C223D911633285B4BA44EBFFA9C64690102498E3BEF5991DBA0F28847473A44D4F9AA7D637A4C4D3F1EFEA12E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:@ECHO OFF..rem %1 - mode..set RMode=%1....IF NOT defined RMode (.. set RMode=1..)....echo RMode=%RMode%....IF %RMode% EQU 1 goto close_and_open..IF %RMode% EQU 2 goto normal_reboot..IF %RMode% EQU 3 goto reboot_to_safemode..IF %RMode% EQU 4 goto shutdown_byebye..IF %RMode% EQU 5 goto boot_to_normal..IF %RMode% EQU 6 goto boot_to_safemode..IF %RMode% EQU 7 goto normal_reboot_asrs....echo RMode=%RMode%....:close_and_open..net stop splashtopremoteservice & timeout /t 5 & net start splashtopremoteservice..GOTO end....:normal_reboot..SHUTDOWN -t 10 -r -f -c "Your Splashtop admin has issued a reboot."..GOTO end....:normal_reboot_asrs..SHUTDOWN -t 25 -r -f -c "Your Splashtop admin has issued a reboot."..GOTO end....:shutdown_byebye..shutdown -t 10 -s -f..GOTO end....:boot_to_normal..ver..ver | findstr /i "10\.0\.*\." > nul..IF %ERRORLEVEL% EQU 0 goto ver_nt6x_boot_normal..ver | findstr /i "5\.*\." > nul..IF %ERRORLEVEL% EQU 0 goto ver_nt5x_boot_normal..ver | findstr /i "6\.*\." > nul..IF %ER
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):194632
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.700953544041196
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:CgElAKvMslbFN3XCm3dbSDcTn6iw5t4FEvQeXyB8LGeph+K:IFD3dmABw5SFEv/ypeqK
                                                                                                                                                                                                                                                                                            MD5:4A2F597C15AD595CFD83F8A34A0AB07A
                                                                                                                                                                                                                                                                                            SHA1:7F6481BE6DDD959ADDE53251FA7E9283A01F0962
                                                                                                                                                                                                                                                                                            SHA-256:5E756F0F1164B7519D2269AA85E43B435B5C7B92E65ED84E6051E75502F31804
                                                                                                                                                                                                                                                                                            SHA-512:0E868AD546A6081DE76B4A5CDCC7D457B2F0FB7239DC676C17C46A988A02696B12A9C3A85F627C76E6524F9A3ED25F2D9B8E8764D7E18FC708EAD4475591946F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):145968
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1442
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3318832
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):215088
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710192
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):602672
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):73264
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                                                                            MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                                                                            SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                                                                            SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                                                                            SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (514), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9519
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.902271147017698
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:ydP0KvBLCqikR/EgGJLrlwD+eilNi5Py1SDeoDXDw9lF5OMz6Q:PWBuqikR/EDJLriwlNi5KI1Tw9lF5OjQ
                                                                                                                                                                                                                                                                                            MD5:31C5A77B3C57C8C2E82B9541B00BCD5A
                                                                                                                                                                                                                                                                                            SHA1:153D4BC14E3A2C1485006F1752E797CA8684D06D
                                                                                                                                                                                                                                                                                            SHA-256:7F6839A61CE892B79C6549E2DC5A81FDBD240A0B260F8881216B45B7FDA8B45D
                                                                                                                                                                                                                                                                                            SHA-512:AD33E3C0C3B060AD44C5B1B712C991B2D7042F6A60DC691C014D977C922A7E3A783BA9BADE1A34DE853C271FDE1FB75BC2C47869ACD863A40BE3A6C6D754C0A6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:MICROSOFT SOFTWARE LICENSE TERMS..MICROSOFT .NET LIBRARY ..These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to the software named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft.. * updates,.. * supplements,.. * Internet-based services, and.. * support services..for this software, unless other terms accompany those items. If so, those terms apply...BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE...IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE PERPETUAL RIGHTS BELOW...1. INSTALLATION AND USE RIGHTS. .. a. Installation and Use. You may install and use any number of copies of the software to design, develop and test your programs... b. Third Party Programs. The software may include third party programs that Microsoft, not the third party, licenses to you under this
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (755), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):96177
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.252050138452329
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:HA9jHwLvGfgg39/zwgAVkguQhrDjugtSEGepkWvrpX7anuqdLSVnfiStPq+3LefF:HA97wyogz1AVxuMjHtSFULryLOgrGWwc
                                                                                                                                                                                                                                                                                            MD5:90630D9EE3E0A5672166A45E00F79A5F
                                                                                                                                                                                                                                                                                            SHA1:D1148F8C7558E9B8A81BF1F50F9E3BED89D9928C
                                                                                                                                                                                                                                                                                            SHA-256:1271701F435F7FE4AA81DC7E273CA80B6391B73580EE20B35A956052C95DE4CF
                                                                                                                                                                                                                                                                                            SHA-512:29E10BD57D1C580ECE70B9B7C4A69DC036A5A64012EB89BA360A71BE6B808150610EA0737351277A3D4235C02323FABEF29F092FA6B2A40F0289F55A7973E93D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.NET Runtime uses third-party libraries or other resources that may be..distributed under licenses different than the .NET Runtime software.....In the event that we accidentally failed to list a required notice, please..bring it to our attention. Post an issue or email us:.... dotnet@microsoft.com....The attached notices are provided for information only.....License notice for ASP.NET..-------------------------------....Copyright (c) .NET Foundation. All rights reserved...Licensed under the Apache License, Version 2.0.....Available at..https://github.com/dotnet/aspnetcore/blob/main/LICENSE.txt....License notice for Slicing-by-8..-------------------------------....http://sourceforge.net/projects/slicing-by-8/....Copyright (c) 2004-2006 Intel Corporation - All Rights Reserved......This software program is licensed subject to the BSD License, available at..http://www.opensource.org/licenses/bsd-license.html.....License notice for Unicode data..-------------------------------...
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):146744
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.79986521836759
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:tEsPhV8tszk08NHPNZewbrfLLAISe7OQ4sfDW99zj:isPhjXoKwPjae7O1sfDov
                                                                                                                                                                                                                                                                                            MD5:71026B098F8FB39C88B003DF746D9FA0
                                                                                                                                                                                                                                                                                            SHA1:013CA259F551AD6F33DB53FFF0E121E74408E20E
                                                                                                                                                                                                                                                                                            SHA-256:11058E8C2CD05F30DCF1775644BF19D2913C9A6D674C12F91D1896D95D9CC5C2
                                                                                                                                                                                                                                                                                            SHA-512:9830BE3444225A4B2F9FA4AEDBC8AF4F45FDB2548F0B6A2EBA2A2A407EA3C7D8FD78C0E37FAC66CAFBDFAD781AE78B076D225FD5C836A451F57A54053CCEF9AD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):350496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.298534795731922
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:zoo0qOJezezqrPeYvCuV10J3keQRJysmFTHABK/o3BCLNzWNxEvf5NCnFeotrcRw:0o0qOqqYvCuV1jyFTuKA2zGxuIeotdt
                                                                                                                                                                                                                                                                                            MD5:00F6FC45937B885439CC6C1A34DC96C1
                                                                                                                                                                                                                                                                                            SHA1:5DF3EFD8A49B91E5AF676D35C02E75A640F4755F
                                                                                                                                                                                                                                                                                            SHA-256:130A3656B07A317F859D542C0F11339F3D0BA4198169853781A3FC04ED64C907
                                                                                                                                                                                                                                                                                            SHA-512:75F088C244271142C58A7CA8F42EE68B910332AC2A23C44F7E6F6C38FF2334F96B8F28EF312A79461F5C631B07110403523B67245BE8D3C7B6D0368913438085
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):50
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.0704355005135815
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:325AWcQytHRNVQZQOhA:A8d9YhA
                                                                                                                                                                                                                                                                                            MD5:4D9989D0E3454FEDFE945413784ED69F
                                                                                                                                                                                                                                                                                            SHA1:8FCB584624E6CAF18B7687715BC36C7680453FA0
                                                                                                                                                                                                                                                                                            SHA-256:439EAC83A94CC3C6B5A272A627396E879C7C449032B983A66EB904541A0C4F22
                                                                                                                                                                                                                                                                                            SHA-512:38127E4F8C161F3C5ADA1800012F2D492753599AF40AA9E05563FF5DECAE54034D9EE7A334C219F704683E120593077D5DA510A9B3A0151A8246875B9A9876DD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:9cb3b725e3ad2b57ddc9fb2dd48d2d170563a8f5..8.0.11..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1005840
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7186531276890715
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:06dJq30vVE6z8LpeNY+9whtbShFtHVu9yHesCGDUD3I1i:FQ34VEYKaY++tbiHVu9yHFgrt
                                                                                                                                                                                                                                                                                            MD5:9B2A6ABE569D6BFF344CF07D3DF523A3
                                                                                                                                                                                                                                                                                            SHA1:2856F7F922F70A44132D02C0723EC2FA91E1FEDB
                                                                                                                                                                                                                                                                                            SHA-256:099BC112DC645BC4A1FC453E3B4C1FC93A164BFAF69E84C85C2B6EFAC0F7FAAB
                                                                                                                                                                                                                                                                                            SHA-512:B649400460CF236197ED168702707FB7E81FE4AA3D2542EDC07B1D3E1C520C6ECA54F77F7ABDB2DB297AEA0BC82E7A07ABF99A89CB958FEC138CDEE4FDEC5E79
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2309152
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.414576855139372
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:jH+fGgFyzuNiG6H0n8D1gkrz/OAyFAopdrq/c/:+GgFQq8DT/ZyFDN0c
                                                                                                                                                                                                                                                                                            MD5:A71CD05C01F0FC603C0BD782516F806D
                                                                                                                                                                                                                                                                                            SHA1:C15E261D5E7318875D324D28AB70A883CD434C81
                                                                                                                                                                                                                                                                                            SHA-256:7F8DCF37D9D66EAE14C48A79FA2FCD447BD0F38A21BE0203A9C4A89398AACF28
                                                                                                                                                                                                                                                                                            SHA-512:CE53F6DC1F02889ED6FB1F8DF226F9BADBB039F79505CDBD599A00A32B6617DA5E19F2AD7F76BB8134B3CCAD39FAB2209ED8EC6AE42CD30402C4E450FC19FA88
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):28699
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.283179767103418
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Q5YQAiYV696T6cCCvPvk29kBQTXvK/XgNJu8pLkRtQojki7JE5GMLQGGxeMCg0g+:Qdgmc2HAweAu+LwZXxa7c8nAeNIoEfAM
                                                                                                                                                                                                                                                                                            MD5:B2CDCC03969704428D83706F823BD8C8
                                                                                                                                                                                                                                                                                            SHA1:62031804C9A9482E45EF1C349CB1631154833126
                                                                                                                                                                                                                                                                                            SHA-256:12F467B3C16265775872ED121223DE71FDB965518E037CDAE566421B4F499E56
                                                                                                                                                                                                                                                                                            SHA-512:2936CE1EB9AF678933A3E3467E0C59BC06413649F026E63C49D51A2C1A7B3A7F7D3F1FEDA51DBDA728B7913EB6429E212971B9AED905CAC7BFF648C1DFEC1B6E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v8.0/win-x64",.. "signature": "".. },.. "compilationOptions": {},.. "targets": {.. ".NETCoreApp,Version=v8.0": {},.. ".NETCoreApp,Version=v8.0/win-x64": {.. "Microsoft.NETCore.App.Runtime.win-x64/8.0.11": {.. "runtime": {.. "System.Private.CoreLib.dll": {.. "assemblyVersion": "8.0.0.0",.. "fileVersion": "8.0.1124.51707".. },.. "Microsoft.VisualBasic.dll": {.. "assemblyVersion": "10.0.0.0",.. "fileVersion": "8.0.1124.51707".. },.. "Microsoft.Win32.Primitives.dll": {.. "assemblyVersion": "8.0.0.0",.. "fileVersion": "8.0.1124.51707".. },.. "mscorlib.dll": {.. "assemblyVersion": "4.0.0.0",.. "fileVersion": "8.0.1124.51707".. },.. "netstandard.dll": {.. "assemblyVersion": "2.1.0.0",.. "fileVersion": "8.0.1124.51707"..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):53
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.039544162952557
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:3Hpn/hdNxDI/pAtSFFy:3Hp/hdNyhAM/y
                                                                                                                                                                                                                                                                                            MD5:0828CC814843C0960554265CDA859EF5
                                                                                                                                                                                                                                                                                            SHA1:0140385A9E76436A7F3FED45136462F3393B5CBA
                                                                                                                                                                                                                                                                                            SHA-256:AC377253F9F7CF9D6127D684369DE36DA123D992CDC2E17950E3C8BF9688DF76
                                                                                                                                                                                                                                                                                            SHA-512:22CBB29225F35CEA4329A08BE760420CAB6AB7EA85628436B7518759E09ACEE8F382D79C800E5C8F6BA647CA98B32A35A3A52CC1CB5B9CBD2E3B20FA314D839A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:{.. "runtimeOptions": {.. "tfm": "net8.0".. }..}
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1247496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.749340069071408
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:psvPzOPj/l89Sk2f+/eOUCxRepC3/Rk3isQFqULFL:psvPzOP7ymf+/TZq3id
                                                                                                                                                                                                                                                                                            MD5:B3D3DA24C19B47259D6C23F753AFBD8A
                                                                                                                                                                                                                                                                                            SHA1:923B52256967DCF9AE35406B803304CB97B5510C
                                                                                                                                                                                                                                                                                            SHA-256:816DE66126C5EFA65483B583F6A320C284E47FC7030F8CBD7DBED745FEDCD656
                                                                                                                                                                                                                                                                                            SHA-512:D959B6AFE6561084757F1E685167BFECCD94D44F41ADF98D8DF8AEED22296DC16C3484EFABF2EBBA7988825BE5772D51E1E179C91C8B52F024EFCDDAC77DFBEA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17712
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.610099146248559
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:6ku3cV6HxWmH639QdWSdX6HRN72YMTR9zUMq:ruMV/oWDg9za
                                                                                                                                                                                                                                                                                            MD5:3B3C142639335F9B615C0DE17BACB2D0
                                                                                                                                                                                                                                                                                            SHA1:C599AA74C3D0916D6E0BAF0949C5A6894145C6F2
                                                                                                                                                                                                                                                                                            SHA-256:BD36D4FD23D717FE88F2AFEB563EC6034D7FA482278156D99EF3CBF11EC2A5D5
                                                                                                                                                                                                                                                                                            SHA-512:87A3D33BE2DD049D906EEA8266FA4EE4694A81E3EE07F8205CACACC75B141605DDA2D454905BA0196FE26B8C7E68F9F2469AF2AEB4DD92FFA4A65F4C026AEBEF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15624
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.833706261769825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:eiBpXxu0xtWhPMpWfpWjA6Kr4PFHnhWgN7acWtNfKUSIX01k9z3AGxdUK9:eiLBPWhPMpWfYA6VFHRN7Gh2IR9zJn
                                                                                                                                                                                                                                                                                            MD5:9B22CFB5BED886C6969E9C2BCA6AC35C
                                                                                                                                                                                                                                                                                            SHA1:10136331C4C4C97581055C94AE57D96DAA050FC7
                                                                                                                                                                                                                                                                                            SHA-256:150CE7473F17D708E846CCAFD9BEEAB9C341C28A130F6E37630ACAA622754A8B
                                                                                                                                                                                                                                                                                            SHA-512:E0C31B87191F833492149D9E17FB0CEB6FE15E0E053FD5959223835719F727B9524D6FA4E33EA167FF26CD912096AA455F0E6EA16BD377722D7BF9F2400B760F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):121128
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1482993626679106
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:hR1cNXwrxM7wECif70JSvEVcULVi+Ril1dPC:iNIcFC270JSvEVzvC1
                                                                                                                                                                                                                                                                                            MD5:C2DC11B82A094AFCE0E4810E4FA50723
                                                                                                                                                                                                                                                                                            SHA1:769A8C969BB7EC7CA893C1939D2500BB367CF565
                                                                                                                                                                                                                                                                                            SHA-256:19EAB1189558EFEFB90F34B012B8182DFD3C707463F5E0D4F5C0D810156A5ED8
                                                                                                                                                                                                                                                                                            SHA-512:0083FFF0E424FF80B3F8A632F139AD267A14D1419ABD1B68BAF1FC84BD2E5739E805ADF10EC79D7FA325BAC553CF7F0D84C846425638292C550CA3957AF46DAB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15664
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.754633849646731
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:FYjgxACvaW+S7WFlWxNzx95jmHnhWgN7aIW+/yaYHnsTX01k9z3A1dcdL:Fk+NaW+S7WFGX6HRN7BnYMTR9zUdAL
                                                                                                                                                                                                                                                                                            MD5:CA56A8F20FBC0DC300136A7F52CE5448
                                                                                                                                                                                                                                                                                            SHA1:3BC48E9E7EBFFCBDE4A0018ABEE27077AA22C90B
                                                                                                                                                                                                                                                                                            SHA-256:1EE0C49348E8F269D65096B2A749E81E06ABED0796BE768D5383F174B3EBED61
                                                                                                                                                                                                                                                                                            SHA-512:2EC0A88FE112AC840DFBC7992028B85FF216AFF944483F1FC518A5E5E3822A6E7A2E7995E22464A07E3089680664D87124A1F1B1C3036C0F19B643FDF16F5D50
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15656
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.745504174553825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:/XlE3V0WYZ2Wh8pWjA6Kr4PFHnhWgN7aIWH9qLrRGhFKeX01k9z3AB+Bf5e:99WYZ2WCYA6VFHRN7Cu0R9zI+1
                                                                                                                                                                                                                                                                                            MD5:CAA67B5CB207447441AF97F77A8D28EE
                                                                                                                                                                                                                                                                                            SHA1:00321E60DB8F53DAAB0AF1D86F090B6B77CA2F0B
                                                                                                                                                                                                                                                                                            SHA-256:49BD03FF5EF094D48ACE745D8F5C81077D28551CCA08B16D4C4DFAFAA352E43A
                                                                                                                                                                                                                                                                                            SHA-512:4F886B2E093397A857F69B1635BF3B6ABDD181D17FF21F19AD99916894A684AA35D834FDD03EFEF846AEA6BC99E42D4FBAA7E50EF2400CB818A301A285841B8E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):276744
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.728786186995529
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:3PA2HHj4tByYOTblcFe4khyO2bIykwXLbn:3I2Hj4tBypHfhD2bIrEXn
                                                                                                                                                                                                                                                                                            MD5:B9B20837FC21F3B6C7DC96118F58A584
                                                                                                                                                                                                                                                                                            SHA1:A1E60495DA508FACB76031996ABCA51306078142
                                                                                                                                                                                                                                                                                            SHA-256:4CC75A63FED0A6388C95628EFBEA788408E4167595D8F3980BCD2BEB9B439541
                                                                                                                                                                                                                                                                                            SHA-512:720FC092603432E3640C9B4C71C969403D2BF400E1C2F7EF1F0C46D85E8A31147113C0A191A1A3180D9FE26337C3E1D0F6BA38505BC8146156A88841F8FFBECF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):837928
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.723068549493689
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:arJR+uRoPwKMeN8/98vTU4dQEE3k0T9YLVgHr4iuGvNgllggskj:m+u68abw+CMiz2llas
                                                                                                                                                                                                                                                                                            MD5:B55D4397AF5909E22B8B50E6D6E35385
                                                                                                                                                                                                                                                                                            SHA1:0335B1040CC5339FFAA7833842FDCB1424A19B30
                                                                                                                                                                                                                                                                                            SHA-256:6446E921CF1D5E9B7E9CCE08E1061206129A1D29407B59FF48CBB44ADDBC082A
                                                                                                                                                                                                                                                                                            SHA-512:5A2B196A715BD4334F8A35A61E09C5EA620B710185B18A6DC93E7496367FCA292F3492663C0AC5739BDEB3090E472543F50729C3394FF7B133AB582FCB9E8270
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):104752
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.951214543616432
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:XHs0tJVDX9LOIbwNC5IQ7XVrMZqz9AOWSUdbWKvzd8:XM0dzNOIc+IQLGZqzKOOZR8
                                                                                                                                                                                                                                                                                            MD5:D8E1F2706EDBBB0D5283E866FD6B5A68
                                                                                                                                                                                                                                                                                            SHA1:5893B4B685A2172D37DF5519AD00F02B5132DB50
                                                                                                                                                                                                                                                                                            SHA-256:891A7B6BAA99B3A98D33947E69CB35F415BF735D9515DA628D6624BD64595BBE
                                                                                                                                                                                                                                                                                            SHA-512:82F5FCA1138885BF890EA262B7B453E05C76095A7C80F66D2F90CAC91B374153A7E53B4F0C215B389BDAFF63F91DC52912382960E24C646429E12908AB2FECA5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):104760
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.023688556329198
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:/AKdRfAUP9WSJLeI620hCYCARk4YIAO8xocgO50/d0VIOXWShzpS:/AKfASpeJDPAOSocgOa/OBXhhE
                                                                                                                                                                                                                                                                                            MD5:408636AD69D82964450D11E2BC2B063E
                                                                                                                                                                                                                                                                                            SHA1:C6701A74D0993B7E8242DC45C73C47CF38A8CF1C
                                                                                                                                                                                                                                                                                            SHA-256:B2EABD2CC9923818F6D1BDFB3E9CFE02A54D6327DCC4AECCF61F895E0E02E67A
                                                                                                                                                                                                                                                                                            SHA-512:FC252CB0E6B778E410856C1D8B2E00A925C8C6A31E8622687D56D641DC54DAD004507AF4A23406448D1410CB618F7689704E0D504B55A68BA2BD6BD05E8254A5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):260400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.618537900857936
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:unxoXLUDXDiKNYX8qTKfAyryS1rIgD3lgT:mxCUDXDiQ+jTURrhFLlY
                                                                                                                                                                                                                                                                                            MD5:F79C5255B5A8113246917AE7681E4A24
                                                                                                                                                                                                                                                                                            SHA1:CC1B9BED6269BB109657A3BBEC56F54C31444B0E
                                                                                                                                                                                                                                                                                            SHA-256:5B20181EE4E188AA6B328C107FEE9506E63EFE3A4F9D2C3517EF2972B6AA1211
                                                                                                                                                                                                                                                                                            SHA-512:731AB48B1913FC9BA4F8D25EB497EF860796FFCA7364AC91D18BE2DCB243CDA6BAE0BD141CD6B8CB77C940253FE642BD44D85999003DD5701BE9242A6BDAB5BB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):203048
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.207009954800782
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Fyzc/yxHdJdq+4dCLLe6Yfn33wmMWQArD5/oE5bF6fLUV/Yqp:omyx9env3wzWQArcUV/Yy
                                                                                                                                                                                                                                                                                            MD5:60AC5526E44A9F031F87CD84CEC7140F
                                                                                                                                                                                                                                                                                            SHA1:4DFF306D8D13C393EB5924BACF4788397FE29B03
                                                                                                                                                                                                                                                                                            SHA-256:7ABBB89A3B170A9DB8894B7B6E24A6CE99340F6938E1B78A1DE0A941B8B5BB61
                                                                                                                                                                                                                                                                                            SHA-512:18F1B98E350D32DB9269CCB8B650D9E433BC18CE5CBC69B37082E182B3793900616D60814215FE6C5B39C2811A5A9153B6D0BCFD8BB00DA499AB8CA76410CB78
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17176
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.675054821557407
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:BjpmblJeIeGXxlkGl0Wu+XWEtX6HRN7klMR9zPyjO:BLc/Wk69zKjO
                                                                                                                                                                                                                                                                                            MD5:F8ADC8C164B2D4E9D87DCABCBDA95B44
                                                                                                                                                                                                                                                                                            SHA1:2D78A2C285FD096612530ED90BF7FBA8A2AE1392
                                                                                                                                                                                                                                                                                            SHA-256:E49B3F50FDB62357C70C944EF84DBCDE9DA86D2833882EA08AC28B1D3DA0EBBB
                                                                                                                                                                                                                                                                                            SHA-512:254E544BE19F32F0DF65627F80EF5D456B52FE38DCA7F1B498839649318CC6A60EC0B81984548BBB20A39753EC4904EC74AD057D2DE2D128CAB81E1FE5444143
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):47368
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.343354931264753
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:fWvPwWlrTB3PadWBj/Dqhzq1c8dgfL9ikyr46JXfCvDXxO88+aEZ4jIwVPBvAN4x:MflmYlkB9n88IVJg86FClUU9zwa
                                                                                                                                                                                                                                                                                            MD5:8118646098B1A4570BB29A5D867A1983
                                                                                                                                                                                                                                                                                            SHA1:58787C4A3E3285BA9C7E7B7574C552467FD96F6F
                                                                                                                                                                                                                                                                                            SHA-256:6C2BA61732037024199D6CB5841E41A51370399ED8E9402D20D378C4C79DCCDC
                                                                                                                                                                                                                                                                                            SHA-512:2CA167E4AA6DEC9B3C811F22DE33FF92DDA58E170EBD322DE54D1725AB6A47403DA7D595A18BE7F72DB2C28C03E620F2505992B29E32BA731E5E442AEE9DF023
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):80136
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.846320393478092
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:MI5/UZMu4Thd+Cv8A/oqevD2olsmIbktDinxze:Mr4X+S85qKD2ommIiOK
                                                                                                                                                                                                                                                                                            MD5:BC478FC2764A94C56E69E9E38A51452A
                                                                                                                                                                                                                                                                                            SHA1:1C199BF6064992A5A81472B091A01F45B4442889
                                                                                                                                                                                                                                                                                            SHA-256:304635DBC025B5C3BFF78DF48C19980E9B52C632A7D3C145B61288F546293BF7
                                                                                                                                                                                                                                                                                            SHA-512:AE81A6CE5E66CDDE1B074474459DB6081C627B8B38E0F959EBCDEE02AE935BB022E66F39A4451989AA59E3EBB15CE3052CC23DDEE4C9DB5E6649D33EAEE484B6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):747824
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.643641560609559
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:8tbWtrTblAqmrIofhCXvdb+/ipZ76GaEFBiXMSuD7QLohk+xLRxw5:81WtrFlmrNfhCXvdb+/ipeEFBiEDMSk1
                                                                                                                                                                                                                                                                                            MD5:DB6BCFE78A5A8BA98D4042A2567933F2
                                                                                                                                                                                                                                                                                            SHA1:463D999211CCE7B669437DF3935BE627DCDE8E7B
                                                                                                                                                                                                                                                                                            SHA-256:CD7E2EF84253D24807DD61EF644F5AD8042656340DD02830E3F22E6A7EAB8D06
                                                                                                                                                                                                                                                                                            SHA-512:FD099BFB3C1328602458C6F2C4F7C9FD470CBB0ED78CEADBE70F92E4860701AF956504A4C18443DCCBA63A819D764F1FD3CD3E82A21214FC5189EE2BD0D1C8A5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):30984
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.326509735182786
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:+W4I1Wzqib+d0PMpYA6VFHRN7UYJ2R9zU3:XF5FClhK9z6
                                                                                                                                                                                                                                                                                            MD5:040F8D89AA869EBAE8DD21141ED326B0
                                                                                                                                                                                                                                                                                            SHA1:DD4B5B58DFE497F76F61891B8E62695310262896
                                                                                                                                                                                                                                                                                            SHA-256:0BF9E3E6C8327B7DB4372F27507A71BF0EF06B22F042BBACF4A860F0922BE1FE
                                                                                                                                                                                                                                                                                            SHA-512:6AD73EBE3CB5FE756D5BBACDF6BA09D490D619A1067DC2B6945871F6B7EE5C8901C45B491A26B23E74B8911F396F61EA9A88DE4B2F6BACD1CBF9E20496EF527A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):19760
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.50388265626174
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:TMXTSv/fUNRvGZYdf3zyP/weP+YHTWvANWxRX6HRN7h9bt5R9zExRK:qQPVKWjx9zsK
                                                                                                                                                                                                                                                                                            MD5:96C347B57AAA9AB1CFA8365585E9C9A1
                                                                                                                                                                                                                                                                                            SHA1:17B2B2F1019CC93ED1AEF0BE445CB1053C01341B
                                                                                                                                                                                                                                                                                            SHA-256:19C65DDFD1C484306C928BB8AE838215F7A689E757326791E50FD3C488CD1284
                                                                                                                                                                                                                                                                                            SHA-512:EC1DC25698B055F2C72A435F7C62B93635959A09C142D8908C2B03CEDF45B2E138A27DD227F4CAFA701897B8A305071346056DFE9017A1E0229C6A640B36660A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):174376
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.280397830530098
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:zqPlmXCzdfd6+Vfz5mDVV9evshARZvgL4OUgZjZXR1BB1GlKi7:uPoXifd6qwV9eEh2ZvgmQ9bB2KG
                                                                                                                                                                                                                                                                                            MD5:E58A5726978B1DFD94B6B4CB38102340
                                                                                                                                                                                                                                                                                            SHA1:D1A561662830FD01351341CA862BB93191095338
                                                                                                                                                                                                                                                                                            SHA-256:8469DEB8C7D532E8857F5C68DEB291035103DEE3698BF5005F4E08C5BD05775A
                                                                                                                                                                                                                                                                                            SHA-512:2D7B698720D7AB2E8535A68AFA3ABA41D39A888D05E59454CB7E35EE04E9E3CAEF52EA9BE46BCD8E28C7EF4E4098F168D7D0580347A9F980893198995301A388
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23848
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.307580885714362
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:/S9H4Ay0l9Jr3OzFPhoact/iKMePLexkrW1rU1ZXt5zElfWXJ2WoYA6VFHRN7kxJ:K9H4Ay0l9Jr34FPhoact/iKMePLAxivR
                                                                                                                                                                                                                                                                                            MD5:85A20E6FF4565669D120A52C00B12775
                                                                                                                                                                                                                                                                                            SHA1:4C648D4161C9FD6C7FAABCDE1ED7F45A68E98A50
                                                                                                                                                                                                                                                                                            SHA-256:CC23F980E20FCED097A234AEB379D9C9C1F5235B93126709199815E96D8F2217
                                                                                                                                                                                                                                                                                            SHA-512:96DCADABD7A73584BB58459404ECD011F088AFE6BF92E413BBE69F9EC329B651415405838100513358DBF09A3EDEC23792A6C54C9BDDFDBE74870BCF74421180
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2861368
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.795825527603884
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:9flMLj5HODx+ncGZUG3k+mywJOHPxIyiNgnssolXWMW03Rz7F5hBh0TX1G:lOCOZIunssolXWMW03Rz7+Tw
                                                                                                                                                                                                                                                                                            MD5:38154C0B1654E7B38878A8D20A804979
                                                                                                                                                                                                                                                                                            SHA1:EAE6B02D412B61A64E9FE87B62B77B0A940CC899
                                                                                                                                                                                                                                                                                            SHA-256:85614A082FDB244379E34EDEA86AE8B7DAA71EFB61E52868675E5DA7685FB72F
                                                                                                                                                                                                                                                                                            SHA-512:1E487C6AF8DEF70C168B86843113BE3B0DF15CD978C68FBDC65A0F371276428731241EF315C192E85BE27234CFA6EB1072E48778C36B8845C8DA86E9614CAA73
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16184
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.666464376103628
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:gmoHF/wAisWaS7W5hWxNzx95jmHnhWgN7a0WO8flXefqg7i1X01k9z3Axpzu8:HoVWaS7W5KX6HRN7QYR7i1R9zORu8
                                                                                                                                                                                                                                                                                            MD5:9783A0CCD5A64883445821E1F071076F
                                                                                                                                                                                                                                                                                            SHA1:C710BFBB818BF9F27F123F07E90DE7DC98C9F6D8
                                                                                                                                                                                                                                                                                            SHA-256:55E5BD120160DDD157A2F11C8D8F9AD99972BAF1FA78C37647B0A34F268AC0DC
                                                                                                                                                                                                                                                                                            SHA-512:23052276DD8F811D240A277FE3C7C77743FAEADC54548E4EE712D5AC4DB7921988406E66B9CEA24A0AF1D73A4D31AFA14E2ED81E87C1F874EFC36C7DF4FDE785
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25384
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.290197216885165
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:DWAAaFiTCmM82SuxDJQqMWioFWNwYA6VFHRN7IYMTR9zUQ5:CpaFiTCm0DJQsywFClVg9zR5
                                                                                                                                                                                                                                                                                            MD5:7AA4CC0823A68484980CCB05380826C4
                                                                                                                                                                                                                                                                                            SHA1:7A74462318DDB1B472CA7DD9BB30B05AF2C38CB4
                                                                                                                                                                                                                                                                                            SHA-256:04C204B1FC3B287A1C236AE14A6B397FB32BAB493FCEA64EBA78C8BB234FA37B
                                                                                                                                                                                                                                                                                            SHA-512:D7A58F21889D0CBE1AF6BDF1F009D00EA66B79512F05613EE429964CE6C789FACA1B5CEF6DDFB463D607C498A7BE671601DDC18474124E2A184049222F543C9A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.674104191430389
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:meVamI4NZKxZ88W6Z2WIW1AWxNzx95jmHnhWgN7acWnFx6RMySX01k9z3AcyFaZr:DVae+y8W6Z2WVRX6HRN7SuMR9zPyoa0
                                                                                                                                                                                                                                                                                            MD5:53A5965A6A8EA3D8EC5FA56EB53A88A4
                                                                                                                                                                                                                                                                                            SHA1:669AF6E47FFE94CC600E21A4EB052C05F65BFF01
                                                                                                                                                                                                                                                                                            SHA-256:F8179EF7837F7BF555720B9FA8C49243365794C28D2F7381E612BFC548681DF7
                                                                                                                                                                                                                                                                                            SHA-512:BBA0CE25676F1B97E4442EEF0FF0410E67DAA780AD18FFBEB61462ECB6846AA82C3AD5806656A4048111807096BF359951E2D628EF77D5923ABCEE57FC855156
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16176
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.74420130921519
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:jXfMxA3wKbW25mWHWWxNzx95jmHnhWgN7aIWN4uvpGX01k9z3Af/8ROnkxh:jCIW25mWHdX6HRN7yxpGR9zqCOSh
                                                                                                                                                                                                                                                                                            MD5:200A2EF8039A866C29F6646C08C916A0
                                                                                                                                                                                                                                                                                            SHA1:D9AFB3DCF376FDF153D5B0F1AE6167660DFB1FEB
                                                                                                                                                                                                                                                                                            SHA-256:F587E4D5F4347D8851FE63FD165FF3AF6F0A0D7EDB22DC9EC13878CC5342AB2B
                                                                                                                                                                                                                                                                                            SHA-512:51BEB0733A184397ED605D483D0EF47F7A6B6DA05666DB5175CBDB8CDEFB90E4D6BFDB0C59E118796E9851108D590F2EADF3CF07944424C05276BD9F8A64E25C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):416056
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.650016678777876
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:bsuTEcoc/FGNasNt2l4ru2jKw6xtQ7/tvjETqCZ03EdZbj4MKpW:QuTf/FGcsNtM4q2jStgjTy4MD
                                                                                                                                                                                                                                                                                            MD5:ADD4BC84418AEC1011BB4AD7EDF12B00
                                                                                                                                                                                                                                                                                            SHA1:A1D54AA744C20733AAAD9CA4F219B05FA8245981
                                                                                                                                                                                                                                                                                            SHA-256:9444173233A16F1C5508DDBCA2DC674DCFCFF91DAE321CBC8AC3A01527A6688B
                                                                                                                                                                                                                                                                                            SHA-512:5A0FC3CF99BE67F49870DA7E487BA880F3624A441548EE76557C355FAC369831DFAB833C8718C986F89B4A77AA7065C9CEEFC95A40794AE1818FBFBC967FA807
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):47384
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.386361519950313
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:7ky9wsP/QEBuk3bqUghj9zk6KPivxbzY17tFAX+0foWIl9zApn:7ky9wsP/QEBuk3bqUghjVXKPipb017tc
                                                                                                                                                                                                                                                                                            MD5:CC68F9E56A287662C705302068EF4994
                                                                                                                                                                                                                                                                                            SHA1:DB038C3BC9434359367D4AA7801C605D2D61CFCF
                                                                                                                                                                                                                                                                                            SHA-256:AB5638A08516771F08F7CCA49D9C43FB90E5937CB1D6F03C307A5EBFAAAB5BD4
                                                                                                                                                                                                                                                                                            SHA-512:1609A29259407CD37627B9786897206FCC229DF4955317CD60AC71A9AF175BE866AF456B08C76401CE2083D67E837E37D5AF7B24F61ABB392D2DE44CB71CED23
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):338216
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.547091859291254
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:PZkDfqaP75HL9eEIdanhOe9jb3b41PlmFFVZTdiX2JD:P2DfqweDdSo8D
                                                                                                                                                                                                                                                                                            MD5:634FEF75870C6C036FB4132A4E4D5B63
                                                                                                                                                                                                                                                                                            SHA1:9020E99507A27D3009B5914F0E73C91F39C1AA1E
                                                                                                                                                                                                                                                                                            SHA-256:7BBCA593ED7F5B8F8650ECD5E597190D7D55BC4B1B9D8A992C7A1F887E65DCC2
                                                                                                                                                                                                                                                                                            SHA-512:03B92B87E25344F425AB05475845B14BD8B320E8C09E5B55D94F8FD284097F5226A99720988DDCAE025B92C60847F04AD60D74C0E4E90BAD380EB0A5390251DC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):47416
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.395594314778358
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:dc6qXYiTR+DUnWzE8vk6Y4mPFWg0WhQ9zK6:d0XYiTYDUnW/c/4mAg0WmzK6
                                                                                                                                                                                                                                                                                            MD5:48E2A256B5D7FC2BB74B5046AF715072
                                                                                                                                                                                                                                                                                            SHA1:EC1854323EDB9C462A2A967C1C06759C3261CCFD
                                                                                                                                                                                                                                                                                            SHA-256:2911FCAD2139490432F3FA96FFB3A50A90E06F84C60E45DF60E6DEB4126B16B9
                                                                                                                                                                                                                                                                                            SHA-512:2D0196C98EAA40759ACCD38C5410F482CFBFC83B79CDC629E0297A3B590B1FDD3FB77299F38A1F1414DBBB71475C6CEF744BB2FD7D695E9D3177BF7817F80C68
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):67896
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.071077935827304
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:CFtHMfPA85VU9QbAoqxfxGSC0e+LRnugRxFjyGw3/slSdoF31s7YiNL2OSkkkUPM:2GQ4EoLmpzFYU4WCzj9
                                                                                                                                                                                                                                                                                            MD5:7AEC30A9E458C5C0025FBFA3A940B791
                                                                                                                                                                                                                                                                                            SHA1:E7AED5DDD43AC6D7EF1D474229EDC9FEDFBF1DF6
                                                                                                                                                                                                                                                                                            SHA-256:1A1CB8D5807BF6EF60EE749AF2A7D485A581FC7C03CED44E947E08699566B2AD
                                                                                                                                                                                                                                                                                            SHA-512:0D18CA8444DF6C74CCFD74344B59F6B965783592AA4E674478ADDD5ABACF0518C4C0060BB07E7471BF550A909F50E8DC6B6C779922E58EB870FBCF2E0F298757
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15664
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8080160066573665
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:PAmShxA/HmWQzUWUdWxNzx95jmHnhWgN7aIW5Y3YHnsTX01k9z3A1GUST:PlexWQzUWUeX6HRN7GgYMTR9zUDST
                                                                                                                                                                                                                                                                                            MD5:6D8E075425E16A234FC8F5463C11BEB0
                                                                                                                                                                                                                                                                                            SHA1:97D419FD390DFBF214FB7CFCA029A3458554F55E
                                                                                                                                                                                                                                                                                            SHA-256:383907734CD3DD76969A359423AEF226CA131AD085FEFDE4943F9B6BB9B28102
                                                                                                                                                                                                                                                                                            SHA-512:45B57EC21B8E618E83E0B0B790A6C5964054D50C3DB8D88A7B564201BD693746C555A0203C50F7DEBB6888222A0BE8307598C6451AA1FDF254E48D1CF5A1A795
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):145712
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.215648320789539
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:gHiUYBgRTeY0dpwQn60x7cftbgZ7eInKT5DFN3+M9:tBgcY6aQn60x7cftbgUHl7z9
                                                                                                                                                                                                                                                                                            MD5:E65ABBCA33F2ACA899D9F5106D6C4CE6
                                                                                                                                                                                                                                                                                            SHA1:27E9980354458C7EE097F752874C1F6D95EA66A9
                                                                                                                                                                                                                                                                                            SHA-256:CC685536EB2061DD6CAF225E353334AA9179AFAEEC105836CBE3B84B88E3BF1A
                                                                                                                                                                                                                                                                                            SHA-512:C7614E260036828F863764FE41920DCB46055928DD5274628C317C3997C95161D131A02358ADC1B7E3E25928AC24434FCFCF49DE5A6DDE5C5A3FB2B947265F95
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16680
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.732264017448511
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:QJ+yQNWbKDWdQYA6VFHRN7XblAcGkELRPR9zjOZP:7DVFClruyQ9zKl
                                                                                                                                                                                                                                                                                            MD5:3DE56E93F4E1D8D189EEB58D935D39B6
                                                                                                                                                                                                                                                                                            SHA1:1534FDD929DF529AB29EA4DBD1E9E9D3EC51C949
                                                                                                                                                                                                                                                                                            SHA-256:07990D092B8200A012C83B871324F18AC8C42D335EDFD570A1D6A695D55E43E7
                                                                                                                                                                                                                                                                                            SHA-512:893F5F8D72AB2F0C48E33C7A38864380571D57E162A371B2B4E4ED879CFC37F220117860C7DA324EC5BF57F683B70A78D3BCDE010ED67A7AAAB553D5C9AC4C6A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):133424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.077871799095023
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:DN8FFc4yeP4SyuvmH00N6no5WvCIp4oRcreUiY:eFFEimpjHo4eA
                                                                                                                                                                                                                                                                                            MD5:9436B672EF85B0060E417B93E6F4CD05
                                                                                                                                                                                                                                                                                            SHA1:589C7567B4B9FBCFC69048DF509A8F401F31B49E
                                                                                                                                                                                                                                                                                            SHA-256:FA7D94825EC7ADEF2171952CE5A176B74CF97CB3C7A792A83A0CC03EB4A3B071
                                                                                                                                                                                                                                                                                            SHA-512:A322D1D8D45CF3E5DEA7288BA1C192D5792D0C409A6F0140846A302AF5C33BC4AFC0D11DEC81384B7CCFF8F9B66BFF1F1C20B6A357B3D6AA95A91B1A06BD3E50
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20776
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.428726027972037
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:v8iP7uC8MYITetNPBw7vaWxAtWdYA6VFHRN7DkELRPR9zjOmxk:vRMPD8FClQQ9zKl
                                                                                                                                                                                                                                                                                            MD5:72E86E777EB37C25309D9CA02FB173D2
                                                                                                                                                                                                                                                                                            SHA1:958DBEA0B0EC16624B24F05A13633642D929A3C0
                                                                                                                                                                                                                                                                                            SHA-256:4EF5CE2DAFC66D495B9D075EB30AA5DC5C32A84FBFB2903E57E514A7BB4ACC96
                                                                                                                                                                                                                                                                                            SHA-512:E15CA60C6D30BF4A661B51D7034E055224A89B108CEBA7FEF13C9246391E46DC05D35E6F46AD6FB0D115CAE7DE6371F6CCAA71695D56A84C9FB9DEFEFC8FAA36
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16680
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.6920378205912305
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:8YwoCMWs1CWSYA6VFHRN7xo0yzxIPaR9zEs4M:8ToF+FCl+0yzxOW9zFh
                                                                                                                                                                                                                                                                                            MD5:61F1E563B3D2F94B3392CD568254FCE8
                                                                                                                                                                                                                                                                                            SHA1:E5F006FBC73D470081D92C2DFD47C13382D78438
                                                                                                                                                                                                                                                                                            SHA-256:9E24A4F9235027AB72D2480FA54EB291AC46E86354F240426CD8FA0FDB2BF197
                                                                                                                                                                                                                                                                                            SHA-512:4CFA20B326B7729D1483CB1AEBBD261A4B6FCC46948C91C4EC844D34038ECBF94C84AD6959AE499AD8C7F05D72C2CF1A19A1C09BC5D25B1B98A81A51B8712357
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):244000
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.507233565279823
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:IgsUsdJHsqVpPq+Pu1Nr7tXAjsEpN0Qif+H7zgiuG4krZAuZAt0/+9MyQ4UjIPKx:zTs/Hsq7Pq+67qjhp+QifaCtz9VTKp
                                                                                                                                                                                                                                                                                            MD5:CDF076CA69511E705F6F5B753098F9AF
                                                                                                                                                                                                                                                                                            SHA1:90D319A2C2206528DDC216C4B7A55F3011EBBAF8
                                                                                                                                                                                                                                                                                            SHA-256:689C8742BA53CD02774B1E7A94C9C9F15767C4BF4FCBCE2B801B916329BAB51A
                                                                                                                                                                                                                                                                                            SHA-512:1ADABCFBB98CAE2AEF81ECC4C7E3E423E02955691FF0B6FA0733EC764CD94DEA6CA9A3F2797D60760E28FE053F7797F77F3DC8B854A627836C020B569B05E13D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):272664
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.5102889309866585
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:OhWQ+7dHwUJgHKaDh3ZQDQKEtS5SQTc3XPOsu1t4jnX4Sly4cv8zq/xv642ucUpX:Y5+7NIHCEJ9ly4DW/2NfpgzAmR
                                                                                                                                                                                                                                                                                            MD5:41A6F214168ABD16EB912C85ACC09E6E
                                                                                                                                                                                                                                                                                            SHA1:29441BB9FA6E8B7A3F058FD511490025C920246B
                                                                                                                                                                                                                                                                                            SHA-256:4AAA042DA8CCF199E8131429FBE28B71A8547B3CB8ED20D3B6962BA6D45770F5
                                                                                                                                                                                                                                                                                            SHA-512:B977AC9C155CEE618739A115A495EB92EF270A5B0DCA1DAAE4C78B836BE3A7D3EC06B030180AED0AD116C4DA6A98AE7185D919FE141A667AF6FEEADA0C72030C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16168
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.766379214654712
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:c0sRqXWDRq4oRqm0Rq7WSYA6VFHRN7XgJ8KER9zly1O:9mqKq5qmuqFFClwJ8R9z01O
                                                                                                                                                                                                                                                                                            MD5:D21C365011A6420D58FE6EBB86C5784E
                                                                                                                                                                                                                                                                                            SHA1:7EEA87877D56968A80A940C5FDD72E7416CB666D
                                                                                                                                                                                                                                                                                            SHA-256:C016FF9595BF28A1D507A8058BE786FD0EEA635569EAE5E27D8F7B0B8D2DE0F2
                                                                                                                                                                                                                                                                                            SHA-512:FE74960971E974771D86195B317A5096412868654F151CA2BB1FF4E058EC8315AA19613C2423597A6C02F88BFFA4E6C05360C1143FE09306955DA48DEF5C9477
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15656
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.821063767728242
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16160
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.706885767315989
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):84280
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.88073044398993
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15672
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.764939082374204
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):831256
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.118714221658192
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):55592
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.794508588818863
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):264472
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.548591134679868
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:pAindQCtmkal13Vn7vUoD2+bkf/B3q1GqqcJIbaIksoRirnnMpDTp/RbC++xMQPp:eidUT3tn3bwNKvco4roTpcaQPEamBHY3
                                                                                                                                                                                                                                                                                            MD5:D9F34984A15B7E1651950F7FC4212AD1
                                                                                                                                                                                                                                                                                            SHA1:E31F71380FCC9BA64847F0B60D8DB85671F83F85
                                                                                                                                                                                                                                                                                            SHA-256:E595732C065539AB183FBD27CF5E42C63D11079F7ACBEAE455421B5E2E73B669
                                                                                                                                                                                                                                                                                            SHA-512:FCB010FBCEAE2197AD927265DD5FA5A8CDE9E0859C127144A0DEC5E33592CCAE6CDD840F1CE15BE216EBDB6755374AD8D14162303219A4C2D5795AC8F267DC65
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):104728
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.04299609988956
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:xxkAAMNiDSjaabcPihEzfQHlDE7H+CAvpYx/K8yf9DSWXpzF:xxL3YuiA2dbi/f9DSypx
                                                                                                                                                                                                                                                                                            MD5:7B8853FA50238165F45E3C6B33D6351C
                                                                                                                                                                                                                                                                                            SHA1:5168A2CB788E45828329959A8BEB2ECBFB49112F
                                                                                                                                                                                                                                                                                            SHA-256:3053AB194B17A8175155651B35D0FCB62F3D8F0C3078CBDC2627C4C7669042F3
                                                                                                                                                                                                                                                                                            SHA-512:5A980D92DC624D433AA929B6643D05710058B71CE0FC85814C80421578E6BDF94A0900221B59DC8458DED615A655C809A5907D3960F0BA98AC2392A3B424B23B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):55608
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.425657754099587
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:FhuF4f/D8T5a9OkVAJM1/1PC0lr1sklWIk8R9zo:FhuKD8NawkV51/1a0J1sklW8zo
                                                                                                                                                                                                                                                                                            MD5:D65CCF17AE03862430A708738F23980E
                                                                                                                                                                                                                                                                                            SHA1:2946EC1A63DDE5130CA32274D34C02A70E0F3CA4
                                                                                                                                                                                                                                                                                            SHA-256:D7BF8354D118851E2CF0934CE8AFF5DE79C12362FAB51107E8C42BDC20C2B39C
                                                                                                                                                                                                                                                                                            SHA-512:DAD79CB469E724DAEB51B72611BEFEA74FE24029A5135C729B87DF2C81781DEB2ACAD08EDB0FA295ABA50C8C5A1AC41802528C5ADE8F3629538FE35B2A9347FA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15624
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.821694638098971
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:z1qGW/dqWMYA6VFHRN7eVXC4deR9zVj7qgTyS:z1qtgFCleVXC4dC9zVjBTN
                                                                                                                                                                                                                                                                                            MD5:67EBDED0179552C303E213781BA5DB4E
                                                                                                                                                                                                                                                                                            SHA1:BAC421FF4E7F2CE0CA3073294E19B6C19B587F74
                                                                                                                                                                                                                                                                                            SHA-256:7C2AEF2BD75EB88874D980358D91C66DE8919DC887FA94CF1EDD770C3A8E5F74
                                                                                                                                                                                                                                                                                            SHA-512:5A8EA7ABA4E118036898625CA47D6842EF0E5FB19DF1B847BDB5DFF73ED52ADBEC7CABB26D54CD8D44605178E355143814FAE6697ACA27FC292866A6302BBE8E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):88368
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.877540050029605
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:BRo/2qh+M5COJu0ZOqpE5fer4GRv33333333333333333333333333333333333W:BOOGVVu0Z5pw2r4G933333333333333m
                                                                                                                                                                                                                                                                                            MD5:0713043930CD3C83563EC283D10742DC
                                                                                                                                                                                                                                                                                            SHA1:88CCAFEB1BE351C16A3BBFDBC6E160031E3A9B77
                                                                                                                                                                                                                                                                                            SHA-256:3B6BDFB5BAD16C2D2126EABB74A9859CA414FC75E6EB520E93D3A43ADBED7640
                                                                                                                                                                                                                                                                                            SHA-512:BBAAB646F9BE8AE26E0AD00DFDCEC00F8F00968A594BF4C030D0272D2E8F6147413CB939FE4C1563A39AE2566532E429ED0D1362189EBF9205ADC12AADF26A32
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16160
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.72885945570015
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:iW4RH8FxAvoeTbWyp2WUoWxNzx95jmHnhWgN7agWnY00pyEuX01k9z3Aly+KIQx8:34RH6FyWyp2WUHX6HRN7CEpcR9z0BSte
                                                                                                                                                                                                                                                                                            MD5:5591B6C98BCFC539D04FB4116CD1D18B
                                                                                                                                                                                                                                                                                            SHA1:330F3ED4D9B6546364FD04E78DB1EAC9CDAE050D
                                                                                                                                                                                                                                                                                            SHA-256:4A61B376B6E77FC3FB20ED4ACDA6DBDCBE22D9BC30BF4E06925C003ECA391269
                                                                                                                                                                                                                                                                                            SHA-512:F47FD870FA993ABFFB90C575AD94EFE1FA347944C0435102065146477B2BF1E60EF9493647538949EB19173F4864188F4D407D4B997A5FCB33E653C5A184E410
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):92448
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.820503518807393
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:JA3qoT3QvNN08kx2/YE3SjZwKPU7+GGlux8a5htWgEp4z+:JYq23QvNN08kxM3SjZwKPs+GGluxptXy
                                                                                                                                                                                                                                                                                            MD5:7314D93D8AEA712CC1A2D9B72FBFEB2E
                                                                                                                                                                                                                                                                                            SHA1:F9F213CFF762F5006742DF60872EA9B9172E7322
                                                                                                                                                                                                                                                                                            SHA-256:BC9EFF07BA9B2C4F4DD82CACE1409A594CAAA263EA481FF7D095EE32170331D3
                                                                                                                                                                                                                                                                                            SHA-512:5919A654FDFF9452CE14B0D9951C8B33DA0BE8693288AD6364CA4EC1D116B92884DEF110A5B807F02CBE1CFF6F00091107C8C17AA385F1B4BA582344D04C440B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):84264
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.806191116216466
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:ROxV+zNttvCu2mNikiq7Zb8G/ve/caa9WkA6/iLzUiz:ROx0Ntt3Pisb8Ge/ltkAyQUi
                                                                                                                                                                                                                                                                                            MD5:F77A293786087936DB47A5F85D028681
                                                                                                                                                                                                                                                                                            SHA1:1F484F14468C4E28C61E04D20CFB77949F7F1E3D
                                                                                                                                                                                                                                                                                            SHA-256:C4CE83776FAF64605E92041546DD886D7718AABDB79585F372822F4943F10CF3
                                                                                                                                                                                                                                                                                            SHA-512:6E937A2C3A80E8B9058DB6C2389085765FD7A449753E4B3ED3DD9F2EA4ABF44DE45BD54E1F9F06AF2A1A8B3C876730898756D621A9DCA310C6430D47171B8557
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16656
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.745569370541998
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:2OeIbSlW+WPWuYA6VFHRN7DEpcR9z0B7QWd:2OIyVFClDEpw9zaEWd
                                                                                                                                                                                                                                                                                            MD5:C9E5B4FB06655ACDF85805F9BFAABAA8
                                                                                                                                                                                                                                                                                            SHA1:0434768A5419391C748787E55E7E43CCA69DECBE
                                                                                                                                                                                                                                                                                            SHA-256:357478614E285906C5478249E1FFBEBF08D5B8FD508FEA854DB6632540FC2E47
                                                                                                                                                                                                                                                                                            SHA-512:3DC99ECA3BD14B422C633FA12E081044BAA1756DEAD3D633BA338E7435B5630303ED53D39A681A018047EC4CDB97C8F028EFB91EC16E37F17F28F228F2E68A28
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):166176
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.346058751718644
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:VN2U8z8G2Xr0DUXHw8pLZx1w82V+qyp8E9o8vFM:TJ8z+4D98pLiE9o8vi
                                                                                                                                                                                                                                                                                            MD5:E2998F0D8693BB46B40A210FA04F9BEE
                                                                                                                                                                                                                                                                                            SHA1:645C748C1F9D738598BD8C272FE799A02B0D3D60
                                                                                                                                                                                                                                                                                            SHA-256:1972A42C7B9045D102AD48081CD93DC4D96DAE9FF016F75687D4887D03D2920E
                                                                                                                                                                                                                                                                                            SHA-512:B1B3F451E91DB813ED013FA4547E83F905A35D2A9E2EF557262EA234E1D9F0F2C4E5761F1E3C78A558C8DFB970D9FE47D987179927331915A8BC680B15E8D1C6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15632
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.829247129940496
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:PWvewMxAqj5WjB+WvpWjA6Kr4PFHnhWgN7agWzFY00pyEuX01k9z3Aly+aI4O:umwaJWjB+WvYA6VFHRN7wEpcR9z0BSO
                                                                                                                                                                                                                                                                                            MD5:971EE5253BB544A7B2B3A1077C2C6008
                                                                                                                                                                                                                                                                                            SHA1:FCE7DB0F757434DF870CC2113DDD67B893C56CE7
                                                                                                                                                                                                                                                                                            SHA-256:5B614D49BBA36FF77CAA7A760A1E2C1642435A1FA949BF3BD25015BFFF91473C
                                                                                                                                                                                                                                                                                            SHA-512:EBB00CFB6916B79A49FD1B6E0F9C7D77373B747D452466D09CD6689297287C8FE7AFE45E5C341B46998AE7D716D62EA88CE3B0EE26D87263C83DA4735FBE344F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16144
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.68496802568185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:7283vFlW2ybWaYA6VFHRN7Uxl/7R9zj2IU9S3N:K6F+pFClelF9z6R9C
                                                                                                                                                                                                                                                                                            MD5:A341F35D1B875B0C07079117BA94DD5B
                                                                                                                                                                                                                                                                                            SHA1:1302496E225CC36B8DDFC838CA39061936EFCE0F
                                                                                                                                                                                                                                                                                            SHA-256:FFC7D4206C7B0C9E92C69A00120CE0859440709E8E5E5EB476572985EA040023
                                                                                                                                                                                                                                                                                            SHA-512:89A55CCFC5E4ED80B44E92941CBAD65BDD90E48FC0874DC712F1549BAF557EC85A7BC960B18D304DB311D996918653A771A78808B5D5AB150B4B2DFD33A4A757
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3676456
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.685377818335155
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:oQngtOBPgD5EUsp4Zq2daW7L2+K06Fs4sZ39SuDsFIW/pj:3GOB4Ombp8uDsFIW/pj
                                                                                                                                                                                                                                                                                            MD5:B6A58A0AC1AF936FC5F14F8F2D44D1E0
                                                                                                                                                                                                                                                                                            SHA1:0738563464D22751D4ADDFD268A57181CFBE562D
                                                                                                                                                                                                                                                                                            SHA-256:F961C3396AADC6AD4475F12EBEA85743D01B015423FB216DAF3DA7A9B7F3ACBB
                                                                                                                                                                                                                                                                                            SHA-512:41E3E393866711A811AD1E8F0E184905D4F790BCAC061F41BC42679ADE647A77B2861323FB2A3D7C78660C24EB45680FC72AB3953783C1137D428B8600F80FAA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):805128
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.742092274429004
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:Hb8dNdBKT9DzuU4/sKE5QmSfc+1yQgdYWrwG00eK0CszcyYoq:Hb8jKT9PuO5QmaryQgdYef0ZK03Hq
                                                                                                                                                                                                                                                                                            MD5:1E9DB6EC85E31D87782D10CB2A5A6132
                                                                                                                                                                                                                                                                                            SHA1:FF0B9CA05BAAA3028874E6CEC5FAF4188F7B28BE
                                                                                                                                                                                                                                                                                            SHA-256:7004CF19931E4688247A28AAFCD46992E1184C782EA9F6BE3C4491D327355C31
                                                                                                                                                                                                                                                                                            SHA-512:9AD6BE73F1C89A4901AF2011B051D8874903466733196C211AC114361090605BB647034CBB70CA828C5F2637F19E2656A1771516F2564B111B8F4E46DD273058
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):174376
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.299213446161007
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:KuskFLsWejwPAJ+DF8mPOfww59JK6tLUaS0rm:FswxQKAkOmPOfww59bUa5r
                                                                                                                                                                                                                                                                                            MD5:04C98DD367C3C081624578459663FE4D
                                                                                                                                                                                                                                                                                            SHA1:56976D550298BE9F9DE1BCB30D73D588426941F8
                                                                                                                                                                                                                                                                                            SHA-256:7EFDA8EA3ADC84870CA399F1973C1B48963E034158E5C8D184D97E86C8733BC3
                                                                                                                                                                                                                                                                                            SHA-512:B40AA4DD1F6D4A5723C79C3AD1C206C00671B1E9A243BA911BDCDCBDB7573C28D702BCC06E80A6882BBCBBD19A0BAF6B89047067EC11E1A4DEFD9B8B289F2E4B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):543016
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.741951464470459
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:cNYb37ypY1hh8r4bdhR+JU1/0kxryufbFHJMyS5IH/YzIhMxjCkoTcH3:MYb3GS1hh8rwdh8UxeEvAE+mI3
                                                                                                                                                                                                                                                                                            MD5:6ED1EA9A8EA41D939DA714D97F063993
                                                                                                                                                                                                                                                                                            SHA1:833F7561D58C8336E4E937DE1A2320DB45BE1432
                                                                                                                                                                                                                                                                                            SHA-256:A2FB9DD804188E44948A53C4165815F5CCCDE4CF5FED19988377AF84E86EFCC8
                                                                                                                                                                                                                                                                                            SHA-512:0A0A197AFD26FC51BB32C6A1799D31FFD1F29E9A580C67AA43141F1E7252065791C9728A0595D0B330EF232D34E082DFB544E08CA72210CB8A290FFE4340E8D1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):157992
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.472585497766165
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:xGyySN/j+0sbFbqX63vwZuIBo7M5F8966oYddCBuqmwehtTihdMU:eSCb6oIBo7qDGdCBuFhX
                                                                                                                                                                                                                                                                                            MD5:1E158B6E320633CA794113EEF60BD35B
                                                                                                                                                                                                                                                                                            SHA1:BD6BC89189E4546ABD4B24C3196C60CE2C2A473E
                                                                                                                                                                                                                                                                                            SHA-256:536310FAD46E9710E2378E6AB65715489C267B13A08AD96139978D97974BD282
                                                                                                                                                                                                                                                                                            SHA-512:B3C89D7F57F69D3E7B0EEFEC4E4F5E6FC56D3023032F8631E126A48B8068A30B2394FF74E9AD5FAB4D8719E42A22D8003B27B60F1A5E009986216AC4D9961356
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):129328
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.199319743810756
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:AeiSzjfIwHAOaaRHg/OnTRRY4beHqSZkXs3pMGeh2C:NfIaJxRHgOnN4Zkcydf
                                                                                                                                                                                                                                                                                            MD5:4248D1CB0BB05ECFCF5D97BF2C556E40
                                                                                                                                                                                                                                                                                            SHA1:BCF119421A620917E41CC1C668849FEA3225DC21
                                                                                                                                                                                                                                                                                            SHA-256:AEDF0405E5333C565A1544FF91E2B1DEEBCE8FF75345F90D9A8A3126ACEF669F
                                                                                                                                                                                                                                                                                            SHA-512:16C94D5D6C7559C8065159524F867862C112731470F8919DC755267B9CD1E94AF1162A25771DBD2371107132B9AD5F17CA504F86AB1F54AB47B31D2911F5B5C4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1730856
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.690299064412809
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:PycBozKb96UEnyPwWwnxuNnQZJjD2E1SMR/S5IP616zF1IMx1s:hBozy4UQWwwNnQ//lSMRKa0
                                                                                                                                                                                                                                                                                            MD5:5FEF63054D9A2786E932F48D0EB8C7DC
                                                                                                                                                                                                                                                                                            SHA1:36718C8A24757E6DA65DDD30AFA78691EFE014BF
                                                                                                                                                                                                                                                                                            SHA-256:D88A1E49EC7FE3EFEB41FC61E453CD22468FB729DCF451BF3B1E0C53179077D3
                                                                                                                                                                                                                                                                                            SHA-512:475A3E2DF1AE4987CA2E696D0E28E5888379700D86D496268DE72163B46D67D1CA3E336E23B88F7F0BCEE3D4714CE4695E82E6F55010C435E06B1E65194A7005
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):551216
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.570850705797673
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:umIF66bAc4F/B7VRZ3KY1B0hZJ6c7fkDNRd2B/hy13n5EWZgsgG4qikXOG4drZ9:TAAc4F/BJ1uZJZxhS3iWZgZQOzr/
                                                                                                                                                                                                                                                                                            MD5:F30FBE5D270D3C1D1BC8103D79E80F0F
                                                                                                                                                                                                                                                                                            SHA1:CE5C4B14BEC108F97310390A18FD989A1C1E7D29
                                                                                                                                                                                                                                                                                            SHA-256:41F81F076D63745AEC9008452DFE5494390507C914D7ED0250571F8AB3721D12
                                                                                                                                                                                                                                                                                            SHA-512:2913F9871A991FE43077AB2EF577E2EA03FD0A1DD2135ED72AF0532CD0ED0879858E8B55CCB0A8D876364A10DA45287ADEED5E80E9F2AD27D8E1E55AE8900056
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):432440
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.566239028494259
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:wrcqVeM9GnQkW0a+Sdjoe9kDu0GeFowMR5JJLmqRSxnJ8kkG1BL0q3+lsK:Ue40aFP9H0NMBSxvL0AEh
                                                                                                                                                                                                                                                                                            MD5:2C96EE7E735BA59488B6A339EDC04420
                                                                                                                                                                                                                                                                                            SHA1:29CA05738467C74F9D5E7078043CBC1118E1C3EB
                                                                                                                                                                                                                                                                                            SHA-256:E3EFE9F1852535908C7EC2B1B473AA5917D0BED5D0BD2C7D5DC77B603ADF8279
                                                                                                                                                                                                                                                                                            SHA-512:94B6A5D24EC7CC15991FC7C3C86A6A51D04E7112AB595163F4DA6CD2FC2D6E38540157C1CBE703D72764EF73C4ABD4E707D4D0FF3E1268FF0AB04AD842A1D680
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):112904
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.14105129338038
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:kKN4B8OosZjsM/flInEhNRKdRxRZDFauWFsXwYUivYtzf/:kt8O7GMF+E/RgjvDWFsAFCgD
                                                                                                                                                                                                                                                                                            MD5:830154A3A12519882938F7367080CB2A
                                                                                                                                                                                                                                                                                            SHA1:B7464994D56D3F8E615EE56A5A6228C52E6E374E
                                                                                                                                                                                                                                                                                            SHA-256:67D6CE9D3592927FDF25BA715F0E6AAA06A11EB41C13615234CA508813CD7D0B
                                                                                                                                                                                                                                                                                            SHA-512:FD0B691E44E75A85211E0D58D199A2631CE74656FBEC186F1AE3841C93694F395E4C1B64EE14BBF703056EF0F41B111E334E32CA55456EFA11D6FF890238F042
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):157968
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.293376030261192
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:2RppMzz2p/xRtqbqW/gU/ULVXyVMn9Qk2e0tnz:YIzypRQb5sd2ll
                                                                                                                                                                                                                                                                                            MD5:0D567DB735EE434D9D42C330D9FE4CE9
                                                                                                                                                                                                                                                                                            SHA1:AFD1A4C53D18285523221E2E0BC2E757D2B64925
                                                                                                                                                                                                                                                                                            SHA-256:D3C0790E53540E6715DB61B512EFA719FD8E195781EE85913FB8832677203BAB
                                                                                                                                                                                                                                                                                            SHA-512:4AA7F32051774ABED9FF97FC16178773BF87E853A0BD554E27CFA5D393570A1A29C47F0C9FD2262FE7551335FC2687AF416CE4DC78C484D594B743E41244D523
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):96552
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.101125548127868
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:47fyYP9J1fwwSctO9hswiUgYwlFbmj/gJR7SfNNJkZphyNVMifz:4hP9J1fZE9hsw4YcNm0JR7SlfuphyNVd
                                                                                                                                                                                                                                                                                            MD5:979452EEF74DA1EF02DDED73AD00E0F2
                                                                                                                                                                                                                                                                                            SHA1:2B213C43E085910EE1584D09FEC913837E00FE15
                                                                                                                                                                                                                                                                                            SHA-256:13428704A113F49B0D6A5324BDCDC47F8D725BD139600F0E8DB5A5DC37884680
                                                                                                                                                                                                                                                                                            SHA-512:4FA9F5FF0BAE7754A8F8C9044153157ABFCC687A1768C63830E2633BDAEDB0A86923E55CE36748AE43EC3B8E79E78C6E9E710290208442501EE248241244071B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):231736
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.473177149043323
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:AnDBNI7bgAZrgyBHSchuzeQ4Ak64myD6uJQ+Y6MFot5PQloV2O1wcdu:S7I7bgAZrB0cgeQe60RJNtN5V2YDQ
                                                                                                                                                                                                                                                                                            MD5:D8CEDA452779306A13FF2F310CBEFE60
                                                                                                                                                                                                                                                                                            SHA1:4447F82C5A1207B244A0AAEBCE3AB3530CD2BD81
                                                                                                                                                                                                                                                                                            SHA-256:93FA4AD1590D704DB6ECAAFBE2E388A5318212CB0A4CE435324EEE0268A11C56
                                                                                                                                                                                                                                                                                            SHA-512:7E736F6E0B57F5D527DEDB0B91291DD3EB1FB0324E5E349C4206A025FE3CEAF5B3E1F21F44653F9C6FCAA41BFD8742B4D37BC5B1BEBCD84378D2A52AE9A64F22
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):280864
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.508318800576785
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:NpnhH0ESsuurvHsPNTiiJe7ryKSIqqTxM8uGljRc:LhH0ESsuMHsPje7rAsMwlN
                                                                                                                                                                                                                                                                                            MD5:1E9B9E443C93C2C10B5ED5A18A6F373A
                                                                                                                                                                                                                                                                                            SHA1:8F3D2DEA48ED2B29178BCDC998ADD696D101D5FF
                                                                                                                                                                                                                                                                                            SHA-256:24674D754F8DF968CD688EDB57D76CC0D19CA8556FB233B228DC43265F23AC65
                                                                                                                                                                                                                                                                                            SHA-512:42BF6AD8C6707F3924AF164F3ECA305678E39F5343C96EC1415D37D1EDADFC0CAC2A7BA619D16B721999909EA773221748905E0BC7A35C9DC641C06A8662DD3A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):346424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.517886198613069
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:eDpG2K8Efzpt5rc1EGrt5e15/ftXIDndDpek+fs3CU1S5m:upGp8Efn6GG7enfsyHgCU1v
                                                                                                                                                                                                                                                                                            MD5:15453335CBB5A8C13B6C3579CB27EF44
                                                                                                                                                                                                                                                                                            SHA1:4290DC1F4674F46AF1BFCFA2CAEFDAF6E29D5236
                                                                                                                                                                                                                                                                                            SHA-256:2AF7C808F26966E6F607C5E64F8D0117301E0EB3BD830C0731C7B1C2811FEC5D
                                                                                                                                                                                                                                                                                            SHA-512:07C36FF474FB60609AD531CCA73B3ED3B6B7EE2F764DEE61F17108D9399EB07627D31585108BE25FC7161CF018893A0FD91BA70E0D1640D48F842376C00CB6B9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):669992
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.743467370555766
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:eXujiG31ToS7RD8B8XmDeXPRkUhIP1dD/m1p6X90QdsAYcNCyJ:eXRGneOkDDI6NVS7cT
                                                                                                                                                                                                                                                                                            MD5:346732F74DAD8A8D557FB494D5636E63
                                                                                                                                                                                                                                                                                            SHA1:3943BDF4BFB6E4F1A79AB5027BA7E2CC3A88FDB4
                                                                                                                                                                                                                                                                                            SHA-256:F8D695445499BCC4CA8A41436DF9167B3A730EE0FECF9DC2A40E998C769EB1B8
                                                                                                                                                                                                                                                                                            SHA-512:65E678314C4566823A491CCE1E8EF674E5B78CA1C11C67F86C4EC92FF609D7F66FE9B3433123387ED644B044B7B670BFFC490769C87A9A8D11E868999FA0B18E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):47384
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.320340299131119
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:djM1jzxKx7KzNzY7okroiIpPMOWOYe9zHz:djM1jzsRKB6ovi6WdazT
                                                                                                                                                                                                                                                                                            MD5:92C47820207565CCDF190FBA0C055297
                                                                                                                                                                                                                                                                                            SHA1:4695E165E2C162393FF43BC86731C50E8AB2C380
                                                                                                                                                                                                                                                                                            SHA-256:613B5DC25C72833A5A75BA80C59CFB4CF5522C7A6AD39D2D27A005CEEA72C857
                                                                                                                                                                                                                                                                                            SHA-512:B0204A39FC18FD854517E3C90A7459151602F8B6142F622FF168E12C49EBAA9B9BB0E27A87CE708947FF17D526E12A41EC7958AB7A9DEFDC4FC0AA8C3D2596EA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):547096
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.628823968958786
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:ZZ1V7iKdtxaGNUL2Sdr5Nzv0SOFjdP0E/0NYv:ZZ19ietxaGDSzxOt6EsI
                                                                                                                                                                                                                                                                                            MD5:E4D73542713F8FB1DD0E7E5E142443CA
                                                                                                                                                                                                                                                                                            SHA1:2D4C8B35C2EFA76C1FE95D0107B40781C51E4EC5
                                                                                                                                                                                                                                                                                            SHA-256:928CB763462984DF68C19B44B41CF27D002F8B5CB4EF8BA8EB8A6F0602F6B2C8
                                                                                                                                                                                                                                                                                            SHA-512:204EC8A2D43C30F2673C4FC7E6543EA0CE71DDB56C0956B0B1B2D8B53A34745E12A09206D6D1B8A8CB019A3D69324DA068687DACCE87255F98421F3723D399FE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170264
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.42995613243351
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Pl6InCEQ8/qNIJ55jOpC2poY3ykJ9rijMFpR/8NM:QXEv/8IJOvpFFH8a
                                                                                                                                                                                                                                                                                            MD5:F87B4ABDB9661C494CBFC3A1A6F1939F
                                                                                                                                                                                                                                                                                            SHA1:5948DD100146C6E2966E5E57A967B990EB6D6D48
                                                                                                                                                                                                                                                                                            SHA-256:E92BA4FCBE48EB14259778EC442BF6330A85517D290675E02C7BDDF8C6752ECA
                                                                                                                                                                                                                                                                                            SHA-512:B3A55EFC33150937E48385DE402362C4112B51B78C6CFBEACA749997295C4B0CCC9BAB301F69F6C79E4897BAEB344FF273B7897D79489BB0C33ABE7A6A277045
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):67872
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.782301099321138
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:/SmwVOWqRmRfYtHQ0Yx82s88krahmqOwA83qJKAFE6WHKV6q6G22N7XK6RH4wqY0:/ShAWqxbYx82s88krahmqOwA83qJKAFM
                                                                                                                                                                                                                                                                                            MD5:1F48CE4F560C515D93BE8E631C6639F6
                                                                                                                                                                                                                                                                                            SHA1:0CA5F7790AEFC8927B37149B8ED9EDCBDD054872
                                                                                                                                                                                                                                                                                            SHA-256:7E1855C9965554D7164BA73D355BCAC2E28C7E253D35D07F58F718B8CB037730
                                                                                                                                                                                                                                                                                            SHA-512:C2879328B25CE351C3DFDDE6AAFE1148BEC7499E261FD9FA6380026D17EBB17EC008F4E07F81E08DA90744DF8454FE479F45454BCDEDC105B35AC7316700C9F4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43304
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4543981044661525
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:n3WpvwWJRCJtK5ZkEun+JBTeZDeRbOkKsdEbCLv+CTFLfyO5Ei066gaiGkXYA6VS:n+jRCJWDKCEtOmo6jiJXFCl+ds9z
                                                                                                                                                                                                                                                                                            MD5:C77A9EC63CC7588D5C7FDAE75CA4BA0A
                                                                                                                                                                                                                                                                                            SHA1:912B2FB046EFC6152755A79CC4FB20A096F74483
                                                                                                                                                                                                                                                                                            SHA-256:B28FA5FCE149A161C1619A8C40A6B25F6FCB0F44E4C0580B721D38F024AB3CB8
                                                                                                                                                                                                                                                                                            SHA-512:6788378D707983AB8DB891E489E1169A214A9E54D400522D6E39FB89B4130A885213947AB3F3AB05201D5AA68B629912E68AB52A05438DD8272DF3C6DF7A08DC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):100656
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.037382679706859
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:p3Y1cu9IUexVQtU3/+wUpHK+yT7G7bw0LCEOsW8zu:p3Y1cDl8tVK+U67bw0LCEOsPy
                                                                                                                                                                                                                                                                                            MD5:F60FC5DF9579B7807A41F83996A92336
                                                                                                                                                                                                                                                                                            SHA1:F1DFFEF2B7B52DAD59C93B438CD8C9FC8237310B
                                                                                                                                                                                                                                                                                            SHA-256:5AF953EEE1E6B527EDB09EB3D51265A08BF0CAA9B57A1064176C7A726E464A35
                                                                                                                                                                                                                                                                                            SHA-512:A74D1D0AB4AE318792443D65B1E8F039DD63FEC0BF12E8C140C4C0DC5B28BC6760D17751D8C08C339C43ACF05FD42F6F68E625B7F4E45CAF31A14A979BE55050
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):190752
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.370812726125536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:c2OHqla+5t0nMuTBUuzyDbYCOi+dWuWVyRAIUQeu0IeW+domJM9wNYLbkbmvhZdu:MHqla+/0HdaO1QzIeW+doCmvhnE7mNxa
                                                                                                                                                                                                                                                                                            MD5:68AF5E566C3F92B8B5D435E8CF0E4C6F
                                                                                                                                                                                                                                                                                            SHA1:C29C05434C7CA82A0BF15A60CB2D4542483A51BC
                                                                                                                                                                                                                                                                                            SHA-256:5418618458AA64E2695F6F51F51101E0AF961AA884E37EF2CA4212513DC87912
                                                                                                                                                                                                                                                                                            SHA-512:47606C8E0B9642933A81221B91CBBF7FC06424EEF1A37581E5C165DCAC9279C145253CE34D32009BAECB80EF847013FDC355C343C4C7C67BF51843D6A2700CC1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17688
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.619310311563334
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:m313DLE8RCWovVaWWdX6HRN7IOO2IR9zJgIV:S13Dq+WLhU9z9
                                                                                                                                                                                                                                                                                            MD5:E1BDFB0A3C2077F217E94626A9C84D37
                                                                                                                                                                                                                                                                                            SHA1:4485FA68954A681EAB2A6C6BB5006645AA63FB39
                                                                                                                                                                                                                                                                                            SHA-256:18A45C63385C3F59BD8A503939E2E5C7CD327E2C03219A550E016D6A7CFEF468
                                                                                                                                                                                                                                                                                            SHA-512:8D004D51503A92DC1878853DCD028D7865F22392FE194DEE0CEF6DF0B0A0E040BD2F4D33F4F0524DCB130E39359AF9506A6D0F894CE3D6FD16AA54A2CC67C61A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.Net.dll, Author: Joe Security
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):16176
Entropy (8bit):6.720152735363345
Encrypted:false
SSDEEP:192:yhliwxY2gWa0BWjsWxNzx95jmHnhWgN7aIWTFf/A81BHX01k9z3AZfzpqTJL:yhHbgWa0BWjzX6HRN78f/AIBHR9zQkJL
MD5:D548C14C3C17E640DAF27A76707F3BD0
SHA1:8318BD1AE48BFFF8D0C5609E511BC5C10C8DFE7D
SHA-256:D15A0768577C9E75A3D6FB94D580ED1E32994F4B971BECE03E6AD6EF7FD3518B
SHA-512:D57139F4FD99820FDA6BCFFAD86F818125678E7E543B2C68DFDA4EE0C3547E003B290B5DCE23ED43A6D9B3CC739159E151039BC8B1D26A851CCCE4DF287A0FFE
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):15624
Entropy (8bit):6.743391402121608
Encrypted:false
SSDEEP:192:sF7xIOUCtWeQNW4pWjA6Kr4PFHnhWgN7acWOedNx6RMySX01k9z3AcyNaxQGEHo:K1fWeQNW4YA6VFHRN7edGMR9zPyr5Ho
MD5:C9FC19DB9FE74066786403B4829EC5CE
SHA1:12240200EC9DC0A64B141761DD2ECF7CCF4D4480
SHA-256:8CECA85D001CFBF974FA37ED8C64CF97B619DCA942501EFCF22D4F369BA42292
SHA-512:3FD206570AB29DAC923CAA7E1FBB32AE855D7814559534637EC381412CAD6AFB89FBAB99BDA21BBBA975554ECF5955B60D2129F5DECB50D70477E1A4BEC7A18F
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):80184
Entropy (8bit):5.8034670220183395
Encrypted:false
SSDEEP:1536:anwUGEl0HKXrgcCGfN2QSsMWrHGe36XWD09zgS:0Dl0SrqQN0yHGeqX0O8S
MD5:1E2A3C3FCAEE389C04D33C18F3B09599
SHA1:6BECEBD105CEDD72DA755A49720D79F23F43C3BD
SHA-256:447E24F4BFAB9D7F23DC204B632817DDF933AFD89222CB396402B471DFCA99D5
SHA-512:A2BA95117DC9937E60E304384107C09DBBD12EA1BDD3B6210D2088CF10A9A6AA8CC09C83522E54F9F884055FF7072CA4D231273B0DE0BD4E66175E865AB13009
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):13175088
Entropy (8bit):6.846434850139803
Encrypted:false
SSDEEP:98304:FdVXzmQ6u2Pf1F1HpwajX4p92QKxV36FChEqiPVGK5+k+uiCi:9WuuT1HSajXgJgV36FDqM5+tuxi
MD5:8B5EE62ABDB7B72F418D797FE73F2521
SHA1:77582007964CBB215278267691A255B63ABE5FFD
SHA-256:4CD6810B4EBE8D6E1F5928F2026D257C112380D33B557A60BCFA9C7F2BB012E8
SHA-512:870EF275E1E8D1607E2B22EB25F1F05F99346B54651BC119D809BF21F1A6F041EFF801B3B5E1FFBB1897975FEB2C3AA47B3699CC4C63ECA8E3E6A60387AB4BD9
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):2083120
Entropy (8bit):6.7084204593562475
Encrypted:false
SSDEEP:49152:zEe18SlNT7q8K+sb8VI5fCImJ1MxOouLs32DL2v6EI6PN:zE8Riy6PN
MD5:3E4914FB86B55E766730BBA2CF5F9710
SHA1:AA6EABD6462F7898FDF34FA71355190A1B915F07
SHA-256:96C38BE90900D54FDE8D6DB1B3DE8377C07DAF21E99976D6A3474A9511E3EFC6
SHA-512:1B5749D910B8B5564F8D125A5AD62218B3BCFE190692D82F5101A8E53DC604060E3D9211B34EAAA6A9094C03529D6CE0196766AB5F266BEB8064B41314834EB8
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):260408
Entropy (8bit):6.615538060259084
Encrypted:false
SSDEEP:6144:AfAAcZcInBPKCeDc6Ci9MG3CMeVmtGNFsGu6MyXO:HFKDciMG3HamtGNfuV9
MD5:FADC9E1672EBA182AD57E6FF27DF1797
SHA1:774C74089FCEA3AFE0C7CA1A0B496C999392900A
SHA-256:DC01ED420EF427086F0057013D7AC1CAC07E2483E4CFC162D09DF1B64553892C
SHA-512:0650F9ED9C86103CC66871B4558BA9AE291273FF5E0DC0FA7468F3636AC6896CAA8C9EA714ED821B55A519C6E1B1F5BD26D6DC7196F8F2BBA6215F355A2BE602
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):403768
Entropy (8bit):6.602276363545423
Encrypted:false
SSDEEP:6144:oxERCkFa5oBSKGFCoMPxSOpXQgVuThCDCaY+zrZjzEOQlIZPKN:ouRZM5oHGhU/4WCt+z1ffZo
MD5:1BA13843CFE69115B69B9734F08D8C1F
SHA1:D16B4DE6A429D77A9B418E545072B6540AAE10BB
SHA-256:13602313FC8BF7F6BE2183DFE3F07B10CCE450566D7CDE619C238D05137338A9
SHA-512:382DA8E0580447BEF35B2813212634513B6F180664ADB7A3DE072D92FD9485495905A13A0A40319B2C0FF02C2A05549697C1A6BB651C2A42E9F172EB1D9BD68D
Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7989544
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.802297198301812
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:CgB/y99HaDD1OMe3dpE/dhYw2knN5WUFX5cha:v/uaDD1Ox8YoFX5cw
                                                                                                                                                                                                                                                                                            MD5:E166C44D116A2A649FB8BF58B8DEAE69
                                                                                                                                                                                                                                                                                            SHA1:E66C37FBA5E3C405DD21C464343B87E173F1FB45
                                                                                                                                                                                                                                                                                            SHA-256:79CDAEFC221388C3E5B9AFA137F8E4A44366CAC0CCC617BF1F5B6CA0DC95F3F3
                                                                                                                                                                                                                                                                                            SHA-512:852C80299D20B6D5D7EBCA7C3D76DA1EA36CED6274374AF8ABD8F484C356321090E784F8C5E8357D1B4F6AC49DD48F81A6642D0D95682BA92C50E07EC25A20EF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):76048
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.943118914884181
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:2NTs7klOJRVNvKzBMuSxRWHJQZYoqNTJodiOEp4z0:2VxlOJXNvKKxRWnNN2xXQ
                                                                                                                                                                                                                                                                                            MD5:202192E1AEDBDBD47B4C755227C9F174
                                                                                                                                                                                                                                                                                            SHA1:FB61C5557319FA1BBF82302AEF46C331EFD8348B
                                                                                                                                                                                                                                                                                            SHA-256:F625AAE4F7A839B16834764BCDEC5F8008A5171AB1AF77277B4861B077078D25
                                                                                                                                                                                                                                                                                            SHA-512:EB87E36BA74192A177D9649E3B583A72B15C8AC3B8ECD991A56D449EBE99E2CCB3D667FB937055623584EDA6B271658784F9BBB51343843D3317F311C2980154
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16176
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7440217236656395
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:EXWj9xP9WVTUWDeWxNzx95jmHnhWgN7aIWjYe2YHnsTX01k9z3A1Rrn:vjH1WVTUWDlX6HRN744YMTR9zUR
                                                                                                                                                                                                                                                                                            MD5:AB6EE54636B88E5FE0DADCB9F24D907D
                                                                                                                                                                                                                                                                                            SHA1:FAEDDCC767249EF0208A907DB50ECAEF1AA1F91F
                                                                                                                                                                                                                                                                                            SHA-256:7C85F57B009B38E7F62DE0437A652966DB39134DC95527E3F60EA1B3334E23EA
                                                                                                                                                                                                                                                                                            SHA-512:5131F86CD07BF1BD434E039EE7F0BBBFDF772F5C01EBD6F0968B5E6E5567F0C4130E7621B7D4489698A77BE6543D256ED4217CDA84E9178ACA1FD0F70E507DFE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.719210609725614
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:7nnux2kmOWxEVJWWWGkWxNzx95jmHnhWgN7acWE1AJvxwVIX01k9z3AXaKrPDs4Y:wpWxEVJWLSX6HRN7T1w9R9zEFrbw
                                                                                                                                                                                                                                                                                            MD5:F6781A08C2B18C6D751821744820B6C4
                                                                                                                                                                                                                                                                                            SHA1:F10227DE4488F3E6E753D4FBD1D1C017A5E23205
                                                                                                                                                                                                                                                                                            SHA-256:9356D1216420F334FF6DE21F1ABC93609EC7B037471453EC722DE89CEA954D45
                                                                                                                                                                                                                                                                                            SHA-512:1270DB17862A22352BC8737B88B33C4FFD03146F2DEDE9F8DDB144D1F26BB8FFA35183FF9E99EDC408D7E14524D4C6CF82E833B4992446C982778A842C050D23
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):129312
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1169104642443894
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:qShk64jKiEAYbKatyLJBsVkrc10FBR7yqwA:y55fSe7sungq5
                                                                                                                                                                                                                                                                                            MD5:F3C93B3779D56D80D784BA712A74C9FA
                                                                                                                                                                                                                                                                                            SHA1:AED1E91233D0DFD1937354D4A94C5447B87259BC
                                                                                                                                                                                                                                                                                            SHA-256:5BE721DD3FEB1E56284390D592B81C1885F50BBEB567C53EDB8DDC1CD3210DD4
                                                                                                                                                                                                                                                                                            SHA-512:A1CEC4E076613695FCA1336B4C40F4EAE2F049CA5CEE522EE4082F3BF74C3704DF41655E00A806365A216110A7997DA0375DF74F5CA58FF072647ED80E352BDB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15656
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.793667220027114
                                                                                                                                                                                                                                                                                            Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):1116440
Entropy (8bit):6.644311003487164
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):16136
Entropy (8bit):6.781423994083627
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):43312
Entropy (8bit):5.201190108733127
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):16664
Entropy (8bit):6.685947251423688
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):15648
Entropy (8bit):6.7745107157816
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):16136
Entropy (8bit):6.723144015881292
Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):51464
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.757823712774265
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:tIc32LPcTNq2irs+I3312/gb04IhFCloU9z64:tZGLkxq2iy3F2c0Rifzl
                                                                                                                                                                                                                                                                                            MD5:474F5DACA75A68CCB27640CA24FD360A
                                                                                                                                                                                                                                                                                            SHA1:68A5F5EF287E31046B5B90C58DD4D9727E0B1E1E
                                                                                                                                                                                                                                                                                            SHA-256:9175EF26F74399E465C8053B142704EFD03727FE9837A5EC608433A417DFE326
                                                                                                                                                                                                                                                                                            SHA-512:E5620657ED62AA0C71ACF5E8FEC0ED47857C7776868D2374A5F48ADC9AC7F2D4DB46B055C4C9732BF315EDA9FFF78F9347570B7A2AFF6E25D9602CA8647B1D88
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15672
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.804784998922409
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:m7xAvH5HmWgJ2WQkWxNzx95jmHnhWgN7a0WECSj9BtaFFX01k9z3Ay3myt5D:MCgWgJ2WQLX6HRN7JCc9WR9zBT5D
                                                                                                                                                                                                                                                                                            MD5:C491FA202B388C62A783E9E7B8219531
                                                                                                                                                                                                                                                                                            SHA1:4DB62FCC3451FE365B96AC8F6AFB8B36A310D0A7
                                                                                                                                                                                                                                                                                            SHA-256:2DC6D8D20AF5A36257AF1E816F289F3F21611E811DBE9AF20966E5D4E701B7E1
                                                                                                                                                                                                                                                                                            SHA-512:2046C41F7F5CD99020FA5784B8656636CE6AD2EC35295AC580704314622841812F4293C08847C01AE2DB833AEAB4DF2DF59BC33812423121FD1DFC9FF42A04FF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):31032
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.668485682155773
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:eWsCLWChjxoeaVEEfX6HRN7hq+GkELRPR9zjOCI:NBpapWhqGQ9zK3
                                                                                                                                                                                                                                                                                            MD5:511A6CD95CB5E50ACC7C7B97F8DE3531
                                                                                                                                                                                                                                                                                            SHA1:3AE756447C028A59CBCFB20CEF96483337DE4B5B
                                                                                                                                                                                                                                                                                            SHA-256:2CF2328B2BB67EFB7A4021E6B1093282826A7D221BD3B3B57C145E5E13374456
                                                                                                                                                                                                                                                                                            SHA-512:033E5553663D65A66007021D5773BB3046C2B24D51A991C83E1B025170E9D04B910273467CBAEC9CDE12B79DB10E2C9685AF5722BBACD603EEEA5ACB565F4788
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18224
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.562338179216365
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:5/Sj5rt9x+vFW8gNWXNX6HRN77pGR9zqYI:5qj1tSOIW7Y9zPI
                                                                                                                                                                                                                                                                                            MD5:33FB9BBBCBA3E7BBBD7BA9216958008B
                                                                                                                                                                                                                                                                                            SHA1:7660B39FDF52E35EDF106D6900F2C7862121EEA4
                                                                                                                                                                                                                                                                                            SHA-256:C31F0812B87812A10627C8603CA265E1A33927047134B1DD5CE69356869E250C
                                                                                                                                                                                                                                                                                            SHA-512:D51FD4D60B53C8BD23BC285FF34C447CEB517C3E402A8D61DB397996C3800F268B4F0ABEBEAC12BF42B608506EDCBF66CC4A27E46C0842B9BA149DAB61E5F01D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15664
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.814505381555342
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:6lfzxAd9sbIWAZmWwXWxNzx95jmHnhWgN7aIW2a3YHnsTX01k9z3A1yb9:AftoObIWAZmWwYX6HRN7+YMTR9zUg9
                                                                                                                                                                                                                                                                                            MD5:5E4C20E0A38D62A629E7009686E20264
                                                                                                                                                                                                                                                                                            SHA1:27459AD6B3431B3B522CBD4AF7CB8DA84618353D
                                                                                                                                                                                                                                                                                            SHA-256:FF10134A6AB7612D6AA2A368B1C6F3173A30CBB1ABF8D517C97895DE72132F2C
                                                                                                                                                                                                                                                                                            SHA-512:5F11D193335F8556E66A040B1D29B18BEEDEB2F3FF1DE4E59D278E9B9E45464F9B5389C7815DB5A8889BCCB754F9B7F6E58B4535FF749CC33FF701B43516CEDA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):51480
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.96736494913135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:bOxGMiFMwIIARptGdwWxroe+MH1Q+k71pb52BWAD9zh:bOwMiFMwIIAR3GwWxUezVzkjbeWApzh
                                                                                                                                                                                                                                                                                            MD5:B3CBC3F39F271F7E23A0959D2C4A26CD
                                                                                                                                                                                                                                                                                            SHA1:FD29277A423DF0E2C107E3C306228C665767E99E
                                                                                                                                                                                                                                                                                            SHA-256:B5415B6BE10C1E87BF8FAF4206471EAD93E0AA4F445CA8CD9F35B8EAF8158D90
                                                                                                                                                                                                                                                                                            SHA-512:A0D7B80F572ACFA60B92CBBDF06EDE4050944281D96E419DED9C014DA085387B2A9D841BC28E5DC88562BF92720E6AFC516E744E16FA4E9C4E6E1C173CEC744E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15672
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.847005993457445
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:K7e1enxAbDNrWHDUWMqWxNzx95jmHnhWgN7a0W0kzj9BtaFFX01k9z3Ay3mKPUpc:KCUxQBWHDUWM5X6HRN709WR9zBbMc
                                                                                                                                                                                                                                                                                            MD5:13D864886ED9DAF09E800B3851B4A05E
                                                                                                                                                                                                                                                                                            SHA1:5F7DE3337CD71E167B6D70626D29DC7139AB765C
                                                                                                                                                                                                                                                                                            SHA-256:357797FEA3E2F1FAE6DB8F47AA096BDC35707BEB16EA912019877812708841D4
                                                                                                                                                                                                                                                                                            SHA-512:F561129CEEB84C4C0AE1C605887907E9ABA9BF20A5107828F706D3A5BD075C87C918B0551845208D81A1AD65CE7844044187430F943EEF8253FD257AC6E937F7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):96544
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.028171254215127
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:4o6MupEelCtJfKS6+67NspnSPM+l5+CkmVhKWHOiOyzUizB:4o6R3lCto+dSPM+rJkm7NOxMUil
                                                                                                                                                                                                                                                                                            MD5:1DF866F691DEF4290407F5CF01B996AD
                                                                                                                                                                                                                                                                                            SHA1:B2BA5AF3F80AAB63EF2FECF6341B44DEAE201AC1
                                                                                                                                                                                                                                                                                            SHA-256:127EA3F2FF47CEA14C082B2ED22066554D22C9D8F97DC0D403B17042FAC62A5B
                                                                                                                                                                                                                                                                                            SHA-512:6F96AEC2ABF7F6E96B7699F67CC8547334277C8E502E6ED357713C54B68FAF264B1843EA42E6AB0F7C6AD7DCC1098B9042E1D5F15E93DB6F8D346F613D1F6A1D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17208
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.6141833133111865
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:JYzYQZrDroWmyLWyoWxNzx95jmHnhWgN7a0Wdd7/mcj9BtaFFX01k9z3Ay3mIamu:JYkA3EWmyLWyHX6HRN7k7/mi9WR9zB7I
                                                                                                                                                                                                                                                                                            MD5:66227035D9417A2E4B4FA6598FEA969C
                                                                                                                                                                                                                                                                                            SHA1:398C254B721337177A5BB236D49CA6E2B218095E
                                                                                                                                                                                                                                                                                            SHA-256:3A18C5B41B723D5DABA3088D621D4EB8DCEB97FA9B2C4A850D54FD4381DC3C22
                                                                                                                                                                                                                                                                                            SHA-512:26D4059CB06967641E5A935B36A7AB50FCCE0B7374E62BFE275B2C138B46ED9B8CF1E4B1F7C029586B8D9DD913F736EEED8C7E489A5FF682AAEF67DC2202E0E5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16184
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.74808977719352
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:pDUElhzxNeW5ZGWnWxNzx95jmHnhWgN7awW59FeHqj9BtaFFX01k9z3Ay3mRcbe:dUEl38W5ZGWoX6HRN7g9EHk9WR9zBK
                                                                                                                                                                                                                                                                                            MD5:4ED4A34C35F7B26E8E246D16C2DE6A53
                                                                                                                                                                                                                                                                                            SHA1:2FD8657B37AE7750FE1CADC7D555041063CAF821
                                                                                                                                                                                                                                                                                            SHA-256:F106DF84A047BA38B018AB7BBA10E2D2D6B2A5FFE5762CE8208C339AF3BB21C6
                                                                                                                                                                                                                                                                                            SHA-512:3A7CC11E455ED511313366B5A2527BC52698B8958E9E7E20B56768C9561D10BBF13A2D327AE0467A5DC64F7643B8D16D6A65CAE1C4E1CED6F62360C9C535F90F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):330024
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.652134966205565
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:K103Ufy7eeqvaM7BWp5lsQV57Q5t9dtIKcB9+:K10kfy7eeK7MlRV574t9dtUz+
                                                                                                                                                                                                                                                                                            MD5:3ACFFC369AECF966DD9C9E1F6FB966B6
                                                                                                                                                                                                                                                                                            SHA1:AA0A79D6AA6760A71B2A2E47E03BE0A43892FE1C
                                                                                                                                                                                                                                                                                            SHA-256:55D0E21E8AD1F851E0803AC655D9FCA5BEDA6692592FEE421C179AF64109DA43
                                                                                                                                                                                                                                                                                            SHA-512:DFB97F5F791CBBD7C308754BBEB4D63A0AFF098313113B931E74CF824F67B765D3667662840BCBA8DCC9BDB07960D83408B7227A1749A6905CD1851C7C0F15D8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):309544
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.565288812451409
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:lzv7WOXu33WPEei5EZNqHRk5XDiio9gZbzZYNAgk74dzzKL2zLjRByB+dhBDIoca:rWLtBxTDhcnFUB2aKg97zc0
                                                                                                                                                                                                                                                                                            MD5:5D3970DB4A500B2349BFA20B83BD69E8
                                                                                                                                                                                                                                                                                            SHA1:A4DDB5936ABE75A46A83A293771B2434E3C47A83
                                                                                                                                                                                                                                                                                            SHA-256:748CCE10A02BBF3D24A1C6D7FEBFF0E5A8E7AE2E9C423BC904643B8D54FE6297
                                                                                                                                                                                                                                                                                            SHA-512:3F57F56FF97E63FA130A204DA1B63811D0B77EEC9B41A70F12204855B395CAB6C6169972C20B149DB4EF6148313FCCBEAF6FDEC5F228EDC06400711F6E9C0275
                                                                                                                                                                                                                                                                                            Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):16136
Entropy (8bit):6.748110626945014
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):39224
Entropy (8bit):5.151825928966964
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):17200
Entropy (8bit):6.683002357395069
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):17192
Entropy (8bit):6.684282851066347
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):43816
Entropy (8bit):5.851306072446327
Encrypted:false
Malicious:true
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):231696
Entropy (8bit):6.491225217557608
Encrypted:false
Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):100632
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.968533454375661
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:mt2q/as3w2pm4X+bX5SdluDQu6O/UZxOQwQ7rzUU3q2bP64LrSjYFFQWEzwC:mMU3LpmG+bJS7uP+pXSsFKvT
                                                                                                                                                                                                                                                                                            MD5:31E935263D51F39C224E403BD5D7CC00
                                                                                                                                                                                                                                                                                            SHA1:8AF5EFBC150D8F944ADF84F89BFD9C11D00183E1
                                                                                                                                                                                                                                                                                            SHA-256:9AEDEB23632F45084722906CED314074FB14E08478545A221AB6476FEBBAFF0B
                                                                                                                                                                                                                                                                                            SHA-512:6B95226C760DE73C85A4A9ED972C1F51F14B50087BCCAC290A31813FF3F6F882F7B5C7EE21352F504ADCB7324214827D32BF9FE1DC34447520D97A7C12758D1A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17680
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.616772216364839
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:nXqqGWqkBWxYA6VFHRN71aEpcR9z0B7i7:XVFoFCl1aEpw9za6
                                                                                                                                                                                                                                                                                            MD5:3E2C2FBEF86A88B2BF2FD8B177FD6D0A
                                                                                                                                                                                                                                                                                            SHA1:3B2B791ADBF69F9A37597B80FBA9E9932E49A6BD
                                                                                                                                                                                                                                                                                            SHA-256:A28C5AD8CFC585C3D225B07AC28C359EACE65765EAA306FF44D7A6511262792D
                                                                                                                                                                                                                                                                                            SHA-512:6671151577CC961CE2C016543EE78C6197ED5BA9ACBAD855641AF5F661BB0BB4A5253E9E7BB5AE52253ED451F90818289826C242659ECCE405C25F1B0092C83D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.725385029818809
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:GvVnAxNaH3xA+Dr+jWx2fWRFWxNzx95jmHnhWgN7agW3GByMyttuX01k9z3Al6td:mbHh7KjWx2fWoX6HRN7W2cSR9zi6tL5
                                                                                                                                                                                                                                                                                            MD5:B00B172EC15D23D3BED84FCFA40D59D2
                                                                                                                                                                                                                                                                                            SHA1:2B98143649573E5DF30EE989D46D1DE956BDFC4F
                                                                                                                                                                                                                                                                                            SHA-256:A589AC8A9E90BA4F3E96CEC8B360B894DAB5FBDEF0004EF428258A9DC28D309B
                                                                                                                                                                                                                                                                                            SHA-512:3822F4DC24FF40893470D15E05E4E54933D19350227CF07696231A8C7EAF955AC4B303C075FED0AE2AB6C25BF790F889178C06F340F2D22BFA342231EEE6E5F9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.795290241765418
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:sSbUikV/AvcaTAFCA3xAiHIRWLgtWhW+WxNzx95jmHnhWgN7acWVxwVIX01k9z3G:RbUlhfIRWLgtWwFX6HRN7eR9zEOrc+E
                                                                                                                                                                                                                                                                                            MD5:E593AE76E4CFAC375120915947952FF6
                                                                                                                                                                                                                                                                                            SHA1:8015474D50021C65A65867636086E4A8A3A6F347
                                                                                                                                                                                                                                                                                            SHA-256:5DA38D4A9EB67C2EF23B416A505E0FDB2A22FD5FE45D241645B37B5B5F0BCCE8
                                                                                                                                                                                                                                                                                            SHA-512:43C7368A394B119839BAC8FC2B0F9213307C84F297CE480C0BFA3DF6300F3AA7B55E64E789D1EF619E88364387CB11D2228015D3A2CC8338596348D7B2772A0D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16160
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7458016577263
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:szoXpW5ZWWLhX6HRN7SmO/7R9zj2INRSX:szoXGDpWfOF9z6b
                                                                                                                                                                                                                                                                                            MD5:FA0C6A5EBA91D8A8B17232345900DD2D
                                                                                                                                                                                                                                                                                            SHA1:75AE67259791C5D4F580A9D2E0E7A892CB3B0902
                                                                                                                                                                                                                                                                                            SHA-256:AA82B36AF87D73B54AB0F0E5EFD9FDB16AAA6D3F385F238364ACD36E482999F6
                                                                                                                                                                                                                                                                                            SHA-512:8A76EF22006A7D4D3DF580CE00D310574251A91E942400E39637B57840EFE8386E51E27C92839E63038397CC900EFF43FEFD68A6E8820FF0C03CAB924F7DF812
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15624
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.84073937768766
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:sygdxAWK9WAm5ijRW8ZpWjA6Kr4PFHnhWgN7acWLmFGyttuX01k9z3Al6tLw737I:ca9WAm5ijRW8ZYA6VFHRN73SR9zi6tLr
                                                                                                                                                                                                                                                                                            MD5:09D34FE80AF19BF5B77BBEFCC01F6E6F
                                                                                                                                                                                                                                                                                            SHA1:0A4FC9635C6710682C6D7FE32F91DC28C29ED7BC
                                                                                                                                                                                                                                                                                            SHA-256:F644B4FA91D1BDC0596F390C99A123C206D0115FDD18CE778A23254066F46270
                                                                                                                                                                                                                                                                                            SHA-512:E8131DB3070617A09955EFC7D267B2687A6FCFB7BD061FE027B54721C461E4D7119A0E80DD346865D187BE548001064A900479E99922835D90EC1222659D3DEF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16136
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.783350992582665
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17184
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.739673851144617
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2050328
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.67414937170935
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):186640
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.420537455369693
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15656
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8053996554852345
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15664
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.831153527632702
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18712
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.530599284978063
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:jIhDM3WsKDWYX6HRN71nRxB+R9zpj5g9Z:jIh4iPW1nRxw9z15sZ
                                                                                                                                                                                                                                                                                            MD5:0E43639AE0E98F9148C913477276A391
                                                                                                                                                                                                                                                                                            SHA1:507E7B61569746ED20B920BCAD7D5C803D1E7736
                                                                                                                                                                                                                                                                                            SHA-256:C0F486C4FC818613DFC50485F7201B5A59A79851C3CCAB2FD75EDAB2456C33C4
                                                                                                                                                                                                                                                                                            SHA-512:1340334B451CC8F81D4FF525F5EE47988E3339921A8891CB5B0026E32669FCC0363D560478C05A81A7AAE4C81CE018CBD0DD6510DE94DED13B0892CF0EB424D7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17176
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.64645995156569
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:y3nspYI7GWGlM5W6WqWxNzx95jmHnhWgN7acWUlM/wKUWX01k9z3A/ylK:ptGWyM5W/5X6HRN712R9zUoK
                                                                                                                                                                                                                                                                                            MD5:E6CEF184273D2FE35362FF4E5D866FF7
                                                                                                                                                                                                                                                                                            SHA1:F6A57545875E5B8E1C8C05C0040BE9EA78207E3E
                                                                                                                                                                                                                                                                                            SHA-256:3D08EB5338C0C588C1ABD53FE726BAE0607E0B50312F0079B678E3759FA1ABBF
                                                                                                                                                                                                                                                                                            SHA-512:83D7671DC0B7E99068C8F322B1A81B090B54379EBEE2F9D6FED4104A138BDA4202EB92394B003134B73B9A2317A6592AD304C1435C7EBE5DA1953B1761130477
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16168
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.754179132368782
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:9NNuGxAo1BpWnielpFWYilpWjA6Kr4PFHnhWgN7aIWjvkYHnsTX01k9z3A1WdS:NHHpWnielpFWpYA6VFHRN7BYMTR9zUS
                                                                                                                                                                                                                                                                                            MD5:E5C676801CA76BCBF074E99710503F02
                                                                                                                                                                                                                                                                                            SHA1:63C05E75C9862CFEE2B26FCA0BE3F1FB4C37E175
                                                                                                                                                                                                                                                                                            SHA-256:634A5D94940A58BC90AFC5DFC90839359B0A9B2F7E0D7F12CDDA3281DF96418F
                                                                                                                                                                                                                                                                                            SHA-512:4CFB1A78F5698345174BBA119D51E48BC85A8381D8174231A7A2DD65C0281E726E34260B5EA5D1AD71DF5580070D4B4017CA4D3D9CF0592CA25600EE58FFD328
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):862512
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.457167201577773
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:pf7xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPSYBKgTWeybo:pD9km6k/IwRYbiBeKGCBYTyhs
                                                                                                                                                                                                                                                                                            MD5:ECB1B379B3BCB01ACB12FAEEDFC5D01E
                                                                                                                                                                                                                                                                                            SHA1:69BBEA3B222FF7566FA746572022F77F81122AF7
                                                                                                                                                                                                                                                                                            SHA-256:85F3296C927E27E28461F6325A05504C0AEA8B93CA79691542E2A9E9AF92D3C9
                                                                                                                                                                                                                                                                                            SHA-512:CC3E2AF695AF5AF4CCFDD981B15175A2525EAEBEB9BCB87C094E23FB156C7A50651B6600961741A0CCB1F7ACF2D38394F5395A846736371CAA6A1FD21FB1643F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16160
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7352349940283025
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:h7mXhp/SxgZW6sJWDWWxNzx95jmHnhWgN7agWP3zzccADB6ZX01k9z3AqRrimR:h6xiUW6sJWDdX6HRN7azzccTR9zlRrT
                                                                                                                                                                                                                                                                                            MD5:7B3BDED48604BACF38173A19CB38F269
                                                                                                                                                                                                                                                                                            SHA1:9D15D2AD99F7437C9AE1775898C739712F8E5F93
                                                                                                                                                                                                                                                                                            SHA-256:A875D0785CAE18EE30DB531303C166BA1A1D30C0CA4AB8EDD38FE04056F91EAA
                                                                                                                                                                                                                                                                                            SHA-512:A34CAD7DC195B6C5B8A5C89E3A93083B1D401B5F772807524CEDE69210B04BF8FE746D9925C2FDB18B8D0F7636CFDFE48CF26FB0095500739CDC48E141BF344A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.725439980411438
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:vzLJxAKpjWfgNWeWQWxNzx95jmHnhWgN7acWGPh3PMx6RMySX01k9z3AcyxaNIP:jJWfgNWzPX6HRN7PP9LMR9zPyyw
                                                                                                                                                                                                                                                                                            MD5:A16009A8EEBE01B264F1BD291D51DAFA
                                                                                                                                                                                                                                                                                            SHA1:7B4646DF65B243BBF2134594B08082F7CFE8F4A1
                                                                                                                                                                                                                                                                                            SHA-256:5F1FAA88187672DC240B18D4199BB8040BBE8F3F7EEC939DEC5ABB1407137D22
                                                                                                                                                                                                                                                                                            SHA-512:8EE0BDDA4F5BCDEB139C0D225E10385DA131808E7279EBBF2ED81CED81797A4E9118FCBCBAE46C07545D0B9D5C0527B81FE63E8543FDDC55125560518E676B9F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):133416
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.122557067980221
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:2bTDQlE37ykm3E5T+zpq5D3lhjdPTp8K76+d05HzdyRNX3Mpm4+SqUTiSc9zt:2bTDQlZx3E16qvZ5N77uLINnMkSqUT4R
                                                                                                                                                                                                                                                                                            MD5:3AD11258AF678B2C75F0010EF78BC7EF
                                                                                                                                                                                                                                                                                            SHA1:68B5984401243F1071D73EB0E3F021E043A17EB1
                                                                                                                                                                                                                                                                                            SHA-256:CF456FA426BEF36E8ED5D71A3FAE3EFAD06F5425A53BDEEF427124DA42409D09
                                                                                                                                                                                                                                                                                            SHA-512:A2D904B99F4935648C7471569DD4FF81BD89A9AC1BB7931390BD3872E691B3B58BCEDB48961E2AAA3AA8C04227887D2A1CBAD6B41C416AFDDFD002044C3104C6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1501464
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.712609643579495
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:8tH4NwClgTsJL6Tb/DrtY5uR5K91CSVcgtl3yM8cVUgHTHLP4:OHlTs4rDrtj5o1N8ca
                                                                                                                                                                                                                                                                                            MD5:07C161588790210444DC12F77D7CE1A9
                                                                                                                                                                                                                                                                                            SHA1:0F2E4407C0A4F25759A94488646B626DEA7D8785
                                                                                                                                                                                                                                                                                            SHA-256:93B1E1E677045AF7AAF17A9BFA9EA81D944E0918A94EB3492B78B22948550D47
                                                                                                                                                                                                                                                                                            SHA-512:7AF614FEC989F5AF4C5A8B6787109CEBB98DB23783C4CBBCA22847DB8A84C515FDD87978CE96DD42D2D1B48E2F27BFAEEC8456C422923C6DDF35FDA3F4C574C4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1022264
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.8216381706865095
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:zx/dsuQ+B/b44HO2inDiv67tAEehjqnQf8:dQEb44HKivIehjyn
                                                                                                                                                                                                                                                                                            MD5:D02946E47FC19B1C831A811808342B75
                                                                                                                                                                                                                                                                                            SHA1:55739760E02BAFDA656149D052EEF444E68FDD90
                                                                                                                                                                                                                                                                                            SHA-256:0FECFAC9BDD40C258F720FAC301E3722EA9FC245119E43DD30D181A9B1072DBF
                                                                                                                                                                                                                                                                                            SHA-512:74FBB915D948C26F91D6295539A119C9E2B5B0C9877CAAECD0AD02F06EEA26B85AA2BF05CFF12A00098508859CC039A21D3D8AD10E04E1A969D280CCE2323290
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):133408
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.278452778470254
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:1T3t+/kXS+F3g2vlsEjd+fzs6Fls5JQzWoioIR3cBPdzyWBTzAp:1T3tYkCQQQmEjd+ZFl26zri9r2TUp
                                                                                                                                                                                                                                                                                            MD5:03A17E0F4DA9EB9C6EBB6E10CA241757
                                                                                                                                                                                                                                                                                            SHA1:612D03F4162282670D7276836B319F201DFACBD3
                                                                                                                                                                                                                                                                                            SHA-256:985DF4C7AC42C3447490BEC7653F111E137A88AC633BDAB6D0FDFAD23CB22095
                                                                                                                                                                                                                                                                                            SHA-512:39C1E597B35524E881902DC6F8946466EBAEFF404433A813DF7221DB316D3E1886A274065CF127740B31AD370F76D7C66B1FE7B965AD50482A0D624365922912
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16144
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.739782129844139
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:ZHYCHLcH4H8HUWcuHWIYA6VFHRN7G/7R9zj2IUH+:LWTFClGF9z6S
                                                                                                                                                                                                                                                                                            MD5:B27644E15572E13CAB812C2031D76610
                                                                                                                                                                                                                                                                                            SHA1:CD2D27ECBB2E4D703CF2C253C6575CE1B53F3F24
                                                                                                                                                                                                                                                                                            SHA-256:00EE20495CD0531670CC761FF6B29A0230CF7C8FE607FCAD79567C5D1D01FF57
                                                                                                                                                                                                                                                                                            SHA-512:EFE0493109B04FAF580A745EC7FB120F0688C2E374F9447D06BFA742F2257E69E0E1544C3393AAE4EDB13B986396F20E90C2B32F480A75753FB8BC8E8500C8BD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):489736
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.715658217779917
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:x//X6hS+34BkQb8tA7nPgNKMpFI6bB5v30xhZWX9gL+i:xr+I0urMvR5vExhoX9gL+i
                                                                                                                                                                                                                                                                                            MD5:3356784EF4FE8C2678C85D417848A48E
                                                                                                                                                                                                                                                                                            SHA1:89E60DFB18514CA65A9606B93B7D2BA7B4BCA5FF
                                                                                                                                                                                                                                                                                            SHA-256:FB97F3ACD266AE1F0D25BD4CB77818AE1D154FEA3B46F2C1A3ED1EDB842F46C9
                                                                                                                                                                                                                                                                                            SHA-512:1C3AD7582BD3F5B77019D931EFEBBB3E79960AEF51D9624E00E183783E6F55CA2CA5BD09CF49B924C1970E10A92261230A14420D85694E04EC46F9A7DFE2107F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16168
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.769727575357376
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:SCVm05B091ncmJQ8fxGWSOXW5YA6VFHRN7l9WoJR9zgy:1VpM6urmFCl/R9zH
                                                                                                                                                                                                                                                                                            MD5:740A782D6B359CF77C9E7A1ADAB24F77
                                                                                                                                                                                                                                                                                            SHA1:8695E898EDFF87BA40B0D9A9C8CDB901A0C3C195
                                                                                                                                                                                                                                                                                            SHA-256:B1DC1408C74380CB9F02D9B9BB3B550770B98E27D377E60F216C4B14D602356A
                                                                                                                                                                                                                                                                                            SHA-512:31759B0AFE7EE71BE2DBC56C7273B9B125B9AC298B644ECCC60AAC7BFA1436BC72508C65D95353DCF944A49434BCE02C88D43B2A1E4253666C7F80FE741689EB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):133424
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.345631677255552
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:hgookDn4z7gSCyhdrhYnS+5atmkg9nE3rVo9kQXL:xTEw3yhVh/h3rVoOQb
                                                                                                                                                                                                                                                                                            MD5:E4248B0D435DD54DE832467B13489FAB
                                                                                                                                                                                                                                                                                            SHA1:32F6B603442302F627BC5DABFCDB5AAAAD44281F
                                                                                                                                                                                                                                                                                            SHA-256:43D450BB7B0D440ED0D7F9A933E68E69CC0E2591B5B4D6B81C682EB7DCE85548
                                                                                                                                                                                                                                                                                            SHA-512:27A095A634F88193DA5B3507363B753B1008674789EA50C66E582CED633D48D6EC1042FE7BECDF65085E29F5BE979E9EF5BB7AA930E14DB21BD4C903AA94C575
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17176
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.623536186140361
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:laf4fk3CBFoq19k9WHazWbIX6HRN7NejA2IR9zJNml:laf4BLonjWNgU9z76
                                                                                                                                                                                                                                                                                            MD5:4B0EBBC7AB26C4FA2712DC1D7A9A430E
                                                                                                                                                                                                                                                                                            SHA1:7E4872B4C2DA8CD8C39421EECCFEDB644F7F5882
                                                                                                                                                                                                                                                                                            SHA-256:71F1B7847ED8C9DF6DB99ED7B756E4B846FEC646D8A8033C16A3945378AFC964
                                                                                                                                                                                                                                                                                            SHA-512:339EEC43B703566A3094718FF28066E2A6011C3DCBAABCB3C7079CBF466D88F91702FB6BD8342DF08046854B6AC0B37A756A4AE7AEF20FD9A2C5D63477B73674
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16184
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.77418439872863
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:u4z2EI0W8tWcC7WGkX6HRN7cN8KER9zlZ:uOQvEWcN8R9zf
                                                                                                                                                                                                                                                                                            MD5:00FE534A33B1F18DD900DF89E17F73DE
                                                                                                                                                                                                                                                                                            SHA1:0792678A143E8ABDD57837D4B67D187B74570835
                                                                                                                                                                                                                                                                                            SHA-256:ECBE1CDE0DE93B08489005DE9B2BA627725DC55646735DCF0F027E0E1FCE6F6C
                                                                                                                                                                                                                                                                                            SHA-512:5AD071C4574453FE242344696DB8D132386CB05398C241F003C5643CC843C354288BB2C9A91BB6E0B8DB3E126B747C34BFBD01B51255C82DC6C237B86686E73A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.729725204835813
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:12ctmTqd92QxcNauUWEmvWGWYWxNzx95jmHnhWgN7acW9vVKDUX01k9z3AyCW6Ey:RtX92OcYuUWEmvW73X6HRN7g9pR9zldK
                                                                                                                                                                                                                                                                                            MD5:C5F1D1ECF20663D3C1BC58887FB02131
                                                                                                                                                                                                                                                                                            SHA1:FF1860873F1CC59E9EE1E95992CDF6BA3B8E30DB
                                                                                                                                                                                                                                                                                            SHA-256:5913E28B4B0E1D9A722C378557FE4AF7DB39E8A5E916ACEF6EAEC9A78F5B4A35
                                                                                                                                                                                                                                                                                            SHA-512:0B000EFC667A85D36793D01456886BEB56BB96D8AE89DE84E5D49B488092AFA272578733DAC2CB147F87E94A60F17DB8E0FD2EA72E868F331A9F07CEB44A85E2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15672
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.780056232573692
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:aeF6QoqNSEMWs1CWEX6HRN7vuc9WR9zBBGj:aUov4WvA9zbK
                                                                                                                                                                                                                                                                                            MD5:0A7251814B8BED94B4446C313D1BD7DD
                                                                                                                                                                                                                                                                                            SHA1:4BFE5154B22D587A69B1F8BB02A745A7CC0F6AFA
                                                                                                                                                                                                                                                                                            SHA-256:4A3352E5C4886501A6953E4C6448E389EA21C098A21638ED188A55C5A0C0E987
                                                                                                                                                                                                                                                                                            SHA-512:22E06FAB674F06A141C1631C483B885EBB8EC48A96C164ED69985E675CC3FEFD71E5BAAC6D29008379CD0B1C6D16928917C2BB1D58A016294C6580DBF93415A9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):84280
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.968460814469461
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:AWgoICPLdImrmODZcUBeZ8j0GEH9wd633GRm3LGgLWz9zu:AWgo9PL6FtZ8j0GEH9wd6GR4GgLaS
                                                                                                                                                                                                                                                                                            MD5:932A0C2978B649703C40B260B1955D26
                                                                                                                                                                                                                                                                                            SHA1:E9A4C055BC14B3A2DB5BC5D0CF838E79838CE8E0
                                                                                                                                                                                                                                                                                            SHA-256:15CC9DB291B87042F1AB4319F8D04F4CD226F15BF88BF0810B31DCD50FB0BB7E
                                                                                                                                                                                                                                                                                            SHA-512:51D6D767425FA1AFA0ACD5A149B99D4C62BAB174ECD7485211E9B9635EB876319E8AD2A96D9A7CEF26BEB855DA3661B26912F05014F6DC22CFFE33306D9988E4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):661792
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.67434786359905
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:W/JxQHxtiM28JQUegnzVx3C9jB25sx91G0:W/r7wrzqg5L0
                                                                                                                                                                                                                                                                                            MD5:1944601E5186DB41729C8096C8A08BF6
                                                                                                                                                                                                                                                                                            SHA1:DD637874B36356698C54DB5DB565580C2183627E
                                                                                                                                                                                                                                                                                            SHA-256:981215F0EE08D156867FAAFAA17F9D97D409BE691BAB0BD330D5BAB864FA04F3
                                                                                                                                                                                                                                                                                            SHA-512:185C2B7994AD40F31FEFA4DAB46167477D0371850D2B7C62D87DEE8C4F746AC6C6D55CC6BFD85A1294BEC0273E88233D94A9096DDFD791C0A9FA45B938A6D610
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16656
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.711937162453506
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:rw3RC0uWzliWkYA6VFHRN7P4EpcR9z0BHky+:03RC0xoFClP4Epw9zaHkb
                                                                                                                                                                                                                                                                                            MD5:18BA1339DDC5D2FA9B78F7AC1C18624E
                                                                                                                                                                                                                                                                                            SHA1:FEA42F32DF780D9E9B180B149BC051DCC4C2CECA
                                                                                                                                                                                                                                                                                            SHA-256:033AD774B53A4CFF5AE9AD00AD51FB44FB7E34CCE86BB88E077046BBDE82094E
                                                                                                                                                                                                                                                                                            SHA-512:692E2FB1E69480A1D3264ED6666A2F0CAB1E05CDD6EE85DAFD58BF495443094DCC5D94864A2ACA6E7525129DB4F1442C3B80B52FF2C129E06C86DE6330A10605
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15648
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.81235116499574
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:56yhm7Qv3Wt7VWhWqcWxNzx95jmHnhWgN7agWaNVAv+cQ0GX01k9z3Aspnkf5l:8yh93WtpGWqjX6HRN7PNbZR9zBdkfP
                                                                                                                                                                                                                                                                                            MD5:FA3ADB76CA6EB3A67A5E4B6B24338726
                                                                                                                                                                                                                                                                                            SHA1:57EA6862DB7DE23B47C34A804C0F1C10E3BC19A2
                                                                                                                                                                                                                                                                                            SHA-256:4B3C5F41F52F16E2F4EC27BE12610A8437DE61F2B4CE53E383521A74D7937F44
                                                                                                                                                                                                                                                                                            SHA-512:906624CE50242A01B84603D8100AC37C73B55821D111EB56186EB2CB41BC27945FD69DCD140DEC88FAD42C5A62E5504F72E78B0C21BFC7DF39CD3C7290D84E6A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):59704
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.885165737065941
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:FERA91+CQcmHLnDWrdg7JvYJ2QWMVkDOBM7dWs3zXfXSXE2/2dAWCio9zL6:FSA/ScknDa2tYmwkDmmwWzvC32yWrgze
                                                                                                                                                                                                                                                                                            MD5:CFE673CE2D26EEF64ABEB7B7696177FF
                                                                                                                                                                                                                                                                                            SHA1:96321BE02E912B7813C8A3743CC15528A0DE0BA6
                                                                                                                                                                                                                                                                                            SHA-256:F1A590E321D86848C924055DAADAD7E4B086F199034F133DCE1B034E5AD53131
                                                                                                                                                                                                                                                                                            SHA-512:D70A9D8FAD2AD71774E2CA82D311E71A9B80BE9F1907E38A79529B142FE462BE393E1F39C7114FE674CD703C57001F4B42A27445C8ACA047074DA15A85E34F96
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15624
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7523247989432935
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:iZL6h2FWVvo9W8YA6VFHRN752Y2MR9zPy0:iZWhAdFCl52Q9zK0
                                                                                                                                                                                                                                                                                            MD5:0031FC0CF7730A0D2A235083C7BE48D4
                                                                                                                                                                                                                                                                                            SHA1:FC6B6BD1AE65FEF8DCAFE4FEF263F36270ADED3B
                                                                                                                                                                                                                                                                                            SHA-256:9351D54C7407694F2ABB14DE7770A85CDE97AB0E603B9B54800DD78D4D10E59A
                                                                                                                                                                                                                                                                                            SHA-512:C25AAC8EE4FC10A8E53772C5FE9804C63E116EF4A2129EDFCC0D798417F96118FC7ED510656C6507132CBE9500676EC05D0A5F6A77B76CCE068BEC7087344FA7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16136
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.713032229773769
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:oaHtXz5UAWElSWNYA6VFHRN75FwB2IR9zJZpA7:7xNUo5FCl3wwU9zW7
                                                                                                                                                                                                                                                                                            MD5:CF29C8C0F79AB74BB29D01A8CD114146
                                                                                                                                                                                                                                                                                            SHA1:DFFFCA8A3FB3CA3DEFD6F74DEE30D0A2C3824A70
                                                                                                                                                                                                                                                                                            SHA-256:60E61212B4413692C26885707CF656A94D9676FF416C009FECA45C13B45271AE
                                                                                                                                                                                                                                                                                            SHA-512:FE22D7A38752FF490568F9041C8FC063EAF2828B9D136446BA2F183B6433CCD1D184A4B1355B13ABF2CDE428025EE0C36D42ACBB2006539A9EFF31A166432DB7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.701189252773519
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:vc17FduW1H4W1W2yWxNzx95jmHnhWgN7acWPwy8RwX01k9z3AzBhxH9cHYNm:uWW1H4WUmX6HRN7YV9R9z6Hxu4Y
                                                                                                                                                                                                                                                                                            MD5:30E9D9AC1BBC20DF3488FA252015553E
                                                                                                                                                                                                                                                                                            SHA1:FB9419C4C85DBD5A3E2A9419AD34B4635C6CB544
                                                                                                                                                                                                                                                                                            SHA-256:79D0149A24692E7C6B2EEB854CFBF3400702ED3D6640AA471ECE856B59E269E8
                                                                                                                                                                                                                                                                                            SHA-512:22BAE9984027A91DD7AAA53E05B387C20315153C30954E6770538D85C0990C2622BD16E42CF7C70DD88BC01975A886B99D8AFFBF859C2C339ED3A18D6BCDE5EA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):22328
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.376492073803144
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Z1G5qkxK67ex4FC1sW1/AWZjX6HRN7Nx9WR9zBwrw:v6LWnrWw9zT
                                                                                                                                                                                                                                                                                            MD5:21D8FDE33639C09BE8AD7EA2CE430C39
                                                                                                                                                                                                                                                                                            SHA1:EB5DFA19839787F0CD7C0F8008AAFDAD62E33182
                                                                                                                                                                                                                                                                                            SHA-256:0EBF6E07AC4C055F6EAC71D86CB01C43FA3DF6954828FAEC2E9A491D28305CB1
                                                                                                                                                                                                                                                                                            SHA-512:28545864610BD19F44A5D06671453CAB62A33BA92E786C5B2A2F089ADA33FE6E947F6D6223195AFA5016F7A5EC506B33A84CC3EBCE4421CA8240C459AA03CAE7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16680
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.632838369230027
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:ZIhLW7MIEqHWJYA6VFHRN7cNviCksR9zcm:ZIhkbEqSFClWio9z3
                                                                                                                                                                                                                                                                                            MD5:14A3984EA8B856B26EF616F614D5350C
                                                                                                                                                                                                                                                                                            SHA1:CDD8701E19708B6916F3336BCA9B5D60777EB41D
                                                                                                                                                                                                                                                                                            SHA-256:C9C61183DF3FB4E23A0D98D3A1464352D84BBF80DBF05B5F2DFD5FB8186CA4E1
                                                                                                                                                                                                                                                                                            SHA-512:B99B727D1D0FCF453F6F1631C46D817A828B02A8E3D231A772E18433BA0133D0EED747C5E6563A9FC7CDBB75183C986F10DAA639AC8DF230DAE68AEA1A09A214
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16136
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.774367058875485
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:kZKFW/QdWHYA6VFHRN7Z9ZL2IR9zJHJUO:XB6FClZ9ZaU9zbB
                                                                                                                                                                                                                                                                                            MD5:BE12DF6ED82876BE80A492350334C32D
                                                                                                                                                                                                                                                                                            SHA1:929B139819B4AA89B251B0F7C79C84BB27255180
                                                                                                                                                                                                                                                                                            SHA-256:5BF16937086393770381C25842CB35011942F78D0C9EA7DCDAF0161429288B8A
                                                                                                                                                                                                                                                                                            SHA-512:CB4D30DD1EC8A1A5549BF06120C36275050714D4AC1049838A450D5345491E96C17EB18FD351280BA3808CED1D51C7F89EA7653091490C06AE98B7313CCC9C9F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):30984
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.288581469269511
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:SW0heWs6bkmv7dYA6VFHRN7bUD2IR9zJO2:Ss6gmZFClbDU9zp
                                                                                                                                                                                                                                                                                            MD5:63AF3D0B5B3681BA5BB2586E41014548
                                                                                                                                                                                                                                                                                            SHA1:0E7A369FD101B66A96577FFB16FB188BDE100496
                                                                                                                                                                                                                                                                                            SHA-256:865C8934588F79ACB1BF69D0D406198ECCAC4751BFABCC0F6BB4E6712459090E
                                                                                                                                                                                                                                                                                            SHA-512:F82C6C4011F8B8C51AD506C22E5D4B1FCD4A3AFD10B9D0924CEFA54A5DD61E0DBFE972644ADB603AC0E75AE00DDD553D718E9BCB18F4CB95C25A3DEA9B323CC3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16184
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.732697208000902
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:hxLiAH6DWB2vWmBX6HRN7GNviCksR9zcrIs:7dHitWIio9zgIs
                                                                                                                                                                                                                                                                                            MD5:5A38DE4B1F1CEE04CE6CF96E1E07BA8B
                                                                                                                                                                                                                                                                                            SHA1:D66CCD2E1589D58E3621BCF2E63CCAE509171519
                                                                                                                                                                                                                                                                                            SHA-256:6AF1A8C435EF7BB1972E0509BBDD9A32B665949C248B6FD777833ABC527F290C
                                                                                                                                                                                                                                                                                            SHA-512:3069EDB787B0BDB46E023AB71E34B817CE4E00EE9AE69F7D75DA4D3477824761D38B30690F012EA3B1F54D3A25EDCFE292C1AC615FF4F2C4E82127D448CA98DB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16152
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.767329523656509
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:DTdo1x3iWe7sWo6X6HRN7lVXC4deR9zVj7uS:Xdo1sBWlVXC4dC9zVjr
                                                                                                                                                                                                                                                                                            MD5:123A240246001C458E14CA32D40D56EC
                                                                                                                                                                                                                                                                                            SHA1:473A3DF6DF0269BC824B6B90217CFA2141AF59C1
                                                                                                                                                                                                                                                                                            SHA-256:BAE0097F29C72DC7095DB06156D11BE9949C28CD8FFE5605851FFA8308B443BA
                                                                                                                                                                                                                                                                                            SHA-512:58AB7B7F06BC0A418B77DCBE8ABDC66850791B3D0AC4EB3819EA717B5B151B167B7CEE7ECDBDB86E66A1EF073B7E877ADB0C70F3B973E712DCB637BC504D0916
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18216
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.626651656502574
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:g3ohYBNTtxaxzWp2vWEpWjA6Kr4PFHnhWgN7a0Wb3pWXYz1X01k9z3A/u84ts:g3oSX2zWp2vWEYA6VFHRN7SsoJR9zgu6
                                                                                                                                                                                                                                                                                            MD5:59C396A982C075DEC28848C21B9B3287
                                                                                                                                                                                                                                                                                            SHA1:49889A00099595C550AC919E381E030C11D84322
                                                                                                                                                                                                                                                                                            SHA-256:9399F32559DCF33BE15D7F7C67BA6139602439BA848128715D3919084EFF0C8A
                                                                                                                                                                                                                                                                                            SHA-512:1492AC135547ABA77EFFE2C1C8DA278CA04CF5C8836CE175682B163BA7BD392C10A2718A9667A1EA2F6DB4A7984550C5C511796183A29B5D7902D2C0A2F3E300
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23848
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.279851716286934
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:x5FIeq5ufyw8bcB8yGOk2Y0WKvjsWLYA6VFHRN7RQXu0R9zI+SI:x5FIeWv2dNFClRGu49zp
                                                                                                                                                                                                                                                                                            MD5:70B07221E2FF122EDC83D1CE7878F071
                                                                                                                                                                                                                                                                                            SHA1:10DC2947E778C5D3279251214FFC4D6F537AAFBA
                                                                                                                                                                                                                                                                                            SHA-256:C55AFCA244EA174CD7D26B81342B831D61D15F3D80EEE9406168F136CBCDD5B6
                                                                                                                                                                                                                                                                                            SHA-512:DB0114AEA937A0443595C1CCF577D540FAEDCB632C0475B1C3CA26A5076CEFADF916196DE0CCB924A657428E77FE892748AE22D495668445B4E113C98B89EA85
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):50440
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.759917233301275
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:eOlKhT46UA2Zi5wRNH5JVb0U502zq1TntuqZbFClYV9z6C:tu6Zi5i5jzCkeZisz3
                                                                                                                                                                                                                                                                                            MD5:91D003E2BCC6C343D3C752C9745F807C
                                                                                                                                                                                                                                                                                            SHA1:A793B282D2125C2F9DD5FD0380DA475F92A804A7
                                                                                                                                                                                                                                                                                            SHA-256:DE72057E9A2E41290B8BB3B829B101F420477726E134069A2E0C33270DEF210F
                                                                                                                                                                                                                                                                                            SHA-512:7862E0B67DFA761F45078813AEDF06C3C1D06545FA1E5FAB72F64F1FC0B2153444789D9AB3F599521AF89B3702E20D3DEC0CDEA42EB0ECF649755B03A215E0AB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\System.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16664
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.726952486721783
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:6asFWQClWVrcW+ZX6HRN70oFr9R9z6HrUv:NCn8W0oFD9z6LUv
                                                                                                                                                                                                                                                                                            MD5:AF65B24620A1E57D5AF9C71EE3AD9587
                                                                                                                                                                                                                                                                                            SHA1:32E842B3D79AF9B8076F807481A8FE37E5537037
                                                                                                                                                                                                                                                                                            SHA-256:54123FC5B700ACA49B87F05A94C42D65F094EEB4EF450CD51FCEB73DB303FAB4
                                                                                                                                                                                                                                                                                            SHA-512:CEE9E50631869F2D0976217BAE8A3CE78DFF933EC62A4D2D148C72631EC37746160D64EAA959246A5E2A4FF9AFA0186171EDA5972D3AA3A732ACF1F1CCE00A13
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):311096
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.240870672877532
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:7I9XK6chFjbdP7oCE33XfQIBchLZtfqYZdB90Js:eqn7fqYZdBH
                                                                                                                                                                                                                                                                                            MD5:7923B31012CC44878489207D9058E5A6
                                                                                                                                                                                                                                                                                            SHA1:5D93CDFD71B1742BE1198969705BDFA7A2D0C8B7
                                                                                                                                                                                                                                                                                            SHA-256:DD65F2279CCE3A21C39E66A7425AB82D23700326F042198D430E252029CA63FD
                                                                                                                                                                                                                                                                                            SHA-512:B7DF2BADF5591A0D223A4462A75A00869721D4ACC86C1056EB197DE7AB3ACB8555E5A95273FE6622BC831246C1E7EE50C14721E46BBD71A4F4393E11A9CF4A25
                                                                                                                                                                                                                                                                                            Malicious:true
Preview: PE header dump (MZ / "This program cannot be run in DOS mode" stub); embedded PDB path: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\clretwrc\clretwrc.pdb
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):668456
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.597516519981948
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:RGlUe0bQZSn84GFMN5mSVv8pg8OWFODaunfRSzPg9HRfAWbsxLTjjTVSAAbijTw7:QZZo8JaN5z+dufRS6xrgSAXTKWo
                                                                                                                                                                                                                                                                                            MD5:7C9621181833865B9B9A77A9D1A9C1E9
                                                                                                                                                                                                                                                                                            SHA1:0527DCF29FA178949BF268C534FDAA1E7D4620EF
                                                                                                                                                                                                                                                                                            SHA-256:9B254C85D28E19C39B1E12C041A24519BFC22F083BCCF0D0855866F57782CADD
                                                                                                                                                                                                                                                                                            SHA-512:C41CD072C569A098C47DDD240C9928422F54D0641A78E936D710AF0840C3C4063C28C7558B985A74DD08D7AD8D79484E6AE0A567CE6C03BFE88AABB002B24713
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1785112
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.5488066688404585
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:OkM51Lv2FQJioLYRa19wEvKugOQY5iW4WGGzgdZO3Ebz8d:OBioLQi9w/5ONiVGzgdZO3P
                                                                                                                                                                                                                                                                                            MD5:CAFAB1FF05FF429BD46CB78B2FF8E9E8
                                                                                                                                                                                                                                                                                            SHA1:E02B3B243B6993C0ADD46CAB15BBB6549C602700
                                                                                                                                                                                                                                                                                            SHA-256:0DFE34BE78144CAD7DB5B66A7FCA3D86178EC0F353AAFBA6C81EB72E797E383B
                                                                                                                                                                                                                                                                                            SHA-512:F19B60D26D784B2000E67A8698F8915EF623EEE074DAB9B853BA927A20FF11AB267C4BA385971620470987240263F917199E1424F3D23D263382163D66435639
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5039416
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.559853988421888
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:jh3nYAkdW1bIowGlFCJvETHWzaK6YL/XPSpRdUWPfeSk5GjyuQS7bPdB15i9FqeV:jkdW1bIowcrW6p0qnWHn+2OSn
                                                                                                                                                                                                                                                                                            MD5:389F964635CB95C6696744F56CBC092D
                                                                                                                                                                                                                                                                                            SHA1:F133DA56B7AD65D162656E052C358328877DB1B1
                                                                                                                                                                                                                                                                                            SHA-256:B4375494BB10BE11DB6134D361DF2F39A7A2C7F6696CA8D239A3ED424CE66DE7
                                                                                                                                                                                                                                                                                            SHA-512:49DBAB9C3D1E9FE506EA7E0942D431559DCAF406C8E8233AFDD234BD8337F735E1D9510861C1DE00B7295D5956EE166D0AD55AFCE2142FD75A876F506F4DC661
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61800
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.349970742890166
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:vhwLsWpGD774wTlENE9Kb8lS8qs3PWG01Ekks3uN2wP2gbWF9zo:vhwLsWpG4Ntb8lumD2gbWXzo
                                                                                                                                                                                                                                                                                            MD5:4A80E852AD189E7269B336BF031BECA3
                                                                                                                                                                                                                                                                                            SHA1:197FA04A68FBBBEE806FF9880F4B849349F88A1B
                                                                                                                                                                                                                                                                                            SHA-256:B24FD57EC86913EA7364FE7CC981946D7D45A23D9868530BFF394DA84557B71B
                                                                                                                                                                                                                                                                                            SHA-512:76196E5A4D3B2FD8561A0F16136EF53F9848BC8FE336E482C981A891C1C3689620AE5737E414457678DDAE64F716F967EF12093CE0F04B2B829B67D53D44696E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):393512
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.331878832760126
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:Ux0Ke3VmzsnHpYHkGWqTRDERqBwT5eQC0+1Bs2u7FksfEXk0Pzfw:k0KWVmzsnKHkgTWkBDQq1K2vk+4
                                                                                                                                                                                                                                                                                            MD5:25FD4181AB8B572A1BBFBA2F4A9EC239
                                                                                                                                                                                                                                                                                            SHA1:B834DFC4C908B3CB8D3FC40771E6D0E900C7DE64
                                                                                                                                                                                                                                                                                            SHA-256:65D61078B6B97884AD09AA12DA97D96F50F7D98E6D163C926AE199F9BB58A3CE
                                                                                                                                                                                                                                                                                            SHA-512:38B708595E5A91194FDB089AE56E4051841C27406F8E770BB720EE9A5D66E6FB1CE8599F224071C2C23D30D832315C2A51A532677F121B383547F149385D1246
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1338384
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.3581682679559135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:SABsjnIunobZ5eGiBSk7uf9xg9Y/qZLPyoRyKngNLi0/rqsaoGSZNrWVwi00szJU:SjIuG4Sk7ug9Y/qkNe4rqsaknjGZZv
                                                                                                                                                                                                                                                                                            MD5:51EE5E6865F0D6F5A9C3F08181E263D1
                                                                                                                                                                                                                                                                                            SHA1:9C0745545DA0AFD24881529FD5062A4343AF7762
                                                                                                                                                                                                                                                                                            SHA-256:6C52462719DC63E935B967F796DF5E4D91B07D85792529D488455BF5D5A6E6A8
                                                                                                                                                                                                                                                                                            SHA-512:D27FA79335606B41BA49E1060288504688A118FC4852634FC4D03C2E453262FF5966D381C055428BF3E01ABB9CF980DABA2A91EDF46EE428A5AB30F28871F3D4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1241616
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.3502741331068
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:KyL6o2uNNwfPWN0uenPtMDQUxbDjfDFuFZ0a4KU/mhRtI/2g/GWQ9s16yCp54yq:KyL6oXqU0uePtM/DjfDFYyaLmug/H
                                                                                                                                                                                                                                                                                            MD5:546589C51162826DB43BA02DF92496A2
                                                                                                                                                                                                                                                                                            SHA1:06F12A763CD7F73063179B5AEB537EA67FA6AE71
                                                                                                                                                                                                                                                                                            SHA-256:A91540E748CBC2C44C091ED618C785A5400C27A742AA6C6DA4CF80923DB00F7D
                                                                                                                                                                                                                                                                                            SHA-512:D038979709A1F829BFC25FD06A1F9E38AC99376E619BD31885B083B6ED862FA76743F1B15621D39865E67769AD2953CA2A9B093C1F4530250FCCF38B164CD3CA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):59696
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.652717651829639
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:kt51EDMpCUoqFY66Gw17oqZn/TEHmyrchswz6EEZcYf5o4ba2yGlG1QeY48lCiDV:ktFcC3ZcYf5o4bZyGc1A4cDXWQQzi3
                                                                                                                                                                                                                                                                                            MD5:52CFF557AED4CBD8D59B899A761B82BA
                                                                                                                                                                                                                                                                                            SHA1:E99FE78B96578A4A8036A07D431A3EB21FFA83C7
                                                                                                                                                                                                                                                                                            SHA-256:2F8E23C3566B02B2F9E0E1B86D6D81D3CE0DF06C5B9AEB68CEB66B6B152ED099
                                                                                                                                                                                                                                                                                            SHA-512:ED9B3A1BBA91FDEADCCFBDD63F10B72915EEFEA182564A62C163C34A865F00AFE81B72DC32FB55BA4D97803222ED934FB92861B6E16A9A58E785FCD2BDF8D1E9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):137016
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.906071951546616
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:zxl191YWvh7xR+l5dZU49N9SqignwJ5cvBMgSIctpoECygW7tgzE:zxldal5dZU4dSqHns2SpSkgSSg
                                                                                                                                                                                                                                                                                            MD5:01691B7E80FFFF518797EF61B1358FBD
                                                                                                                                                                                                                                                                                            SHA1:E188AE3623E459AF7A84442DAFB01E4E65744383
                                                                                                                                                                                                                                                                                            SHA-256:7D2F7896B52606E9C77AD2A21C0BB8E765D9AA7FD2DE471E90A204C99655B83F
                                                                                                                                                                                                                                                                                            SHA-512:BD9F20B74585E658C08EF0712FC8278E2DA6DC32236F4E88D574F614C4E9E1181764D93B88C7FB78C8394817D514651AFBFBA8AB6FE97FE27A1C73AA89A3548B
                                                                                                                                                                                                                                                                                            Malicious:true
Preview:PE header (MZ, "This program cannot be run in DOS mode"); embedded PDB path: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):538136
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.299714405457925
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:q5YDDKStgzRK093ertSfiOMVAXUYYJJOb:qmDxSP6OaLYYJC
                                                                                                                                                                                                                                                                                            MD5:027854570A4412624BECEE78A10395C1
                                                                                                                                                                                                                                                                                            SHA1:6B0E6BC0CD97F2CAC1B962BE868FC7CB621D77F8
                                                                                                                                                                                                                                                                                            SHA-256:2D67E87859ECAEB15C4DD621B0983F1A9AD3E2AA9B11624C018A43E6D6B06BEC
                                                                                                                                                                                                                                                                                            SHA-512:8593D309434C7954AA42E5BD63F76A5BAE783C8F2130798EA285032C71F890C4C1783614597EE2BA3DA3294A68CE636EA2A9DCB21A858A840C8D8F6316928D65
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):101160
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.502135579975956
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:bYsYXj0p2NYq5V4bgDHsPdIpuSE5L3Ukcz9wnXiKdkz:MMkYe4bgDUAxCnXI
                                                                                                                                                                                                                                                                                            MD5:937A6DCE409FE67D60722137A5E860EC
                                                                                                                                                                                                                                                                                            SHA1:9DC0849E2164D7B25F7F0F6DC3B9600EC431E914
                                                                                                                                                                                                                                                                                            SHA-256:F56C741CC18D17CB031A9CDEB3DE3C4662CF80CB65F434DCA5DF328AC682C5C1
                                                                                                                                                                                                                                                                                            SHA-512:B5379A528CDCB6F55A85002D89FCA19B2C2BC9461647E3B81791D63E8F2E0227B22427CB2A60393F3A6FC9B1E407E23E2B22AF93C378A16D83B232CA2DE74D79
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2402
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.362731083469072
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:MxHKQg8mHDp684IHTQ06YHKGSI6oPtHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTHlH7:iqzCIzQ06YqGSI6oPtzHeqKk+qZ4vwme
                                                                                                                                                                                                                                                                                            MD5:28B4BFE9130A35038BD57B2F89847BAE
                                                                                                                                                                                                                                                                                            SHA1:8DBF9D2800AB08CCA18B4BA00549513282B774A9
                                                                                                                                                                                                                                                                                            SHA-256:19F498CAE589207075B8C82D7DACEAE23997D61B93A971A4F049DC14C8A3D514
                                                                                                                                                                                                                                                                                            SHA-512:02100FD4059C4D32FBAAA9CEAACB14C50A4359E4217203B2F7A40E298AD819ED5469F2442291F12852527A2B7109CC5F7BFF7FDAD53BA5ABF75FC5F0474E984F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):651
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.343677015075984
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
                                                                                                                                                                                                                                                                                            MD5:7EEF860682F76EC7D541A8C1A3494E3D
                                                                                                                                                                                                                                                                                            SHA1:58D759A845D2D961A5430E429EF777E60C48C87E
                                                                                                                                                                                                                                                                                            SHA-256:65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
                                                                                                                                                                                                                                                                                            SHA-512:BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2994176
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.878656466069426
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:/+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:/+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                            MD5:161DC4DAB13372653178EE20E4425617
                                                                                                                                                                                                                                                                                            SHA1:84AFB549C3F546E10FCDA181190E1ADCEB519076
                                                                                                                                                                                                                                                                                            SHA-256:678E3DA3B697049B132B3BDE032437D99675CE85F7CBA594AAAC0D93927CE971
                                                                                                                                                                                                                                                                                            SHA-512:509E7CE95BC54246CD5ABE1747F2F890E8143A5B504BA7FA5ED8C48E769297AAF135BDC3B5C1545F5F764C209D6822AF79B3F762BC2D7DCE96E641CC9F63C543
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: x64;1033, Revision Number: {911E9E2F-B38D-4D02-A148-5E49FC9D8943}, Create Time/Date: Wed Feb 28 10:52:04 2024, Last Saved Time/Date: Wed Feb 28 10:52:04 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2994176
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.878630966889847
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:s+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oq1xMbY+K/tzQz:s+lUlz9FKbsodq0YaH7Z1xMb8tT
                                                                                                                                                                                                                                                                                            MD5:5E90226ABB5A004B0B9DB9A9E67BAC21
                                                                                                                                                                                                                                                                                            SHA1:34EB703055BAFA469A714F18C7F00E5098B764AF
                                                                                                                                                                                                                                                                                            SHA-256:BE0C53481ED4CF3EC4D0AD16053CD18D6AAD8C349B8281F5F9B90B526420CEAE
                                                                                                                                                                                                                                                                                            SHA-512:2676357D10AA76F09F2A1F691C7566D54E34B20716EDF1301B2D69C3E3400D0A70E7C1738AEA9A75334B384AB988CEA3A07B983C900AE32395285BE61673C288
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: x64;1033, Revision Number: {911E9E2F-B38D-4D02-A148-5E49FC9D8943}, Create Time/Date: Wed Feb 28 10:52:04 2024, Last Saved Time/Date: Wed Feb 28 10:52:04 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2994176
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.878630966889847
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:s+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oq1xMbY+K/tzQz:s+lUlz9FKbsodq0YaH7Z1xMb8tT
                                                                                                                                                                                                                                                                                            MD5:5E90226ABB5A004B0B9DB9A9E67BAC21
                                                                                                                                                                                                                                                                                            SHA1:34EB703055BAFA469A714F18C7F00E5098B764AF
                                                                                                                                                                                                                                                                                            SHA-256:BE0C53481ED4CF3EC4D0AD16053CD18D6AAD8C349B8281F5F9B90B526420CEAE
                                                                                                                                                                                                                                                                                            SHA-512:2676357D10AA76F09F2A1F691C7566D54E34B20716EDF1301B2D69C3E3400D0A70E7C1738AEA9A75334B384AB988CEA3A07B983C900AE32395285BE61673C288
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 936, Title: Installation Database, Subject: Splashtop Streamer, Author: Splashtop Inc., Keywords: Installer,MSI,Database, Comments: Splashtop Streamer Installer, Create Time/Date: Wed Nov 27 19:46:34 2024, Name of Creating Application: InstallShield?2021 27, Security: 1, Template: Intel;0,1033,2052,1028,1036,1031,1040,1041,1042,1046,1049,1034, Last Saved By: Intel;2052, Revision Number: {B7C5EA94-B96A-41F5-BE95-25D78B486678}3.7.2.4;{B7C5EA94-B96A-41F5-BE95-25D78B486678}3.7.2.4;{001F085C-058A-480B-AD56-2940B857C38D}, Number of Pages: 200, Number of Characters: 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):53075456
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.963205524800128
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1572864:snOdpvYs+cvrrjOAYfDJnEAOns5w5k8BzFl73:sQNLOAYfzOBO8B3
                                                                                                                                                                                                                                                                                            MD5:94938EB1C2006B2C0A2B53F976F074D0
                                                                                                                                                                                                                                                                                            SHA1:85351B97E9EC8F6A81EE98EDAF3F22213C14EF7C
                                                                                                                                                                                                                                                                                            SHA-256:6FF1D88358B823C3390639FE740774AE1D6CADDB8E46C482D7F6104B403D3A3D
                                                                                                                                                                                                                                                                                            SHA-512:16F9285F7D9238E27E640241C25E154729B9CE33F2C3A9CDCF6F01633B9BE9B78550C43735A5C0316671E19B8A415E4DED9C2E4E23445268E871BFEBE2902856
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 936, Title: Installation Database, Subject: Splashtop Streamer, Author: Splashtop Inc., Keywords: Installer,MSI,Database, Comments: Splashtop Streamer Installer, Create Time/Date: Wed Nov 27 19:46:34 2024, Name of Creating Application: InstallShield?2021 27, Security: 1, Template: Intel;0,1033,2052,1028,1036,1031,1040,1041,1042,1046,1049,1034, Last Saved By: Intel;2052, Revision Number: {B7C5EA94-B96A-41F5-BE95-25D78B486678}3.7.2.4;{B7C5EA94-B96A-41F5-BE95-25D78B486678}3.7.2.4;{001F085C-058A-480B-AD56-2940B857C38D}, Number of Pages: 200, Number of Characters: 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):53075456
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.963205524800128
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1572864:snOdpvYs+cvrrjOAYfDJnEAOns5w5k8BzFl73:sQNLOAYfzOBO8B3
                                                                                                                                                                                                                                                                                            MD5:94938EB1C2006B2C0A2B53F976F074D0
                                                                                                                                                                                                                                                                                            SHA1:85351B97E9EC8F6A81EE98EDAF3F22213C14EF7C
                                                                                                                                                                                                                                                                                            SHA-256:6FF1D88358B823C3390639FE740774AE1D6CADDB8E46C482D7F6104B403D3A3D
                                                                                                                                                                                                                                                                                            SHA-512:16F9285F7D9238E27E640241C25E154729B9CE33F2C3A9CDCF6F01633B9BE9B78550C43735A5C0316671E19B8A415E4DED9C2E4E23445268E871BFEBE2902856
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Runtime - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Runtime - 8.0.11 (x64)., Template: x64;1033, Revision Number: {D9788553-CDFF-4792-87FA-89ADA20ADBA7}, Create Time/Date: Thu Oct 17 23:36:38 2024, Last Saved Time/Date: Thu Oct 17 23:36:38 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):27566080
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.994779231183715
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:786432:Y2a7yZcd+9F/PHkT4Lqt85HrI5K4Krj8A0Lr1k:Yvg9r95Hrh4c8A0t
                                                                                                                                                                                                                                                                                            MD5:B9C6D23462ADEF092B8A5B7880531B03
                                                                                                                                                                                                                                                                                            SHA1:9E8C4F7F48D38FB54A93789A583852869C074F2D
                                                                                                                                                                                                                                                                                            SHA-256:2E23DA54AA1FF64DE09021AB089C1BE6D4A323BDF0D8F46F78B5C6A33DF83109
                                                                                                                                                                                                                                                                                            SHA-512:18623991C5690E516541EAF867F22B3A1A02317392178943143BEDC7F7EDA5E02E69665C3C4A5FA50ADE516A191BBBF16FD71E60F3225F660FB10EBC25CD01A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Runtime - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Runtime - 8.0.11 (x64)., Template: x64;1033, Revision Number: {D9788553-CDFF-4792-87FA-89ADA20ADBA7}, Create Time/Date: Thu Oct 17 23:36:38 2024, Last Saved Time/Date: Thu Oct 17 23:36:38 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):27566080
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.994779231183715
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:786432:Y2a7yZcd+9F/PHkT4Lqt85HrI5K4Krj8A0Lr1k:Yvg9r95Hrh4c8A0t
                                                                                                                                                                                                                                                                                            MD5:B9C6D23462ADEF092B8A5B7880531B03
                                                                                                                                                                                                                                                                                            SHA1:9E8C4F7F48D38FB54A93789A583852869C074F2D
                                                                                                                                                                                                                                                                                            SHA-256:2E23DA54AA1FF64DE09021AB089C1BE6D4A323BDF0D8F46F78B5C6A33DF83109
                                                                                                                                                                                                                                                                                            SHA-512:18623991C5690E516541EAF867F22B3A1A02317392178943143BEDC7F7EDA5E02E69665C3C4A5FA50ADE516A191BBBF16FD71E60F3225F660FB10EBC25CD01A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host FX Resolver - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host FX Resolver - 8.0.11 (x64)., Template: x64;1033, Revision Number: {EBC96263-55B4-4BCE-B9C8-B460A20F0BE4}, Create Time/Date: Thu Oct 17 23:36:28 2024, Last Saved Time/Date: Thu Oct 17 23:36:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):790528
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.679922945107014
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:4XZw5pChV1EgXmEI3os2Qx7E4D4Rxbp4K+1uiqB:4Xsp8Xdc3/7Rin+sZ
                                                                                                                                                                                                                                                                                            MD5:D73DE5788AB129F16AFDD990D8E6BFA9
                                                                                                                                                                                                                                                                                            SHA1:88CB87AF50EA4999E2079D9269CE64C8EB1A584E
                                                                                                                                                                                                                                                                                            SHA-256:4F9AC5A094E9B1B4F0285E6E69C2E914E42DCC184DFE6FE93894F8E03CA6C193
                                                                                                                                                                                                                                                                                            SHA-512:BFC32F9A20E30045F5207446C6AB6E8EF49A3FD7A5A41491C2242E10FEE8EFD2F82F81C3FF3BF7681E5E660FDE065A315A89D87E9F488C863421FE1D6381BA3B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host FX Resolver - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host FX Resolver - 8.0.11 (x64)., Template: x64;1033, Revision Number: {EBC96263-55B4-4BCE-B9C8-B460A20F0BE4}, Create Time/Date: Thu Oct 17 23:36:28 2024, Last Saved Time/Date: Thu Oct 17 23:36:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):790528
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.679922945107014
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:4XZw5pChV1EgXmEI3os2Qx7E4D4Rxbp4K+1uiqB:4Xsp8Xdc3/7Rin+sZ
                                                                                                                                                                                                                                                                                            MD5:D73DE5788AB129F16AFDD990D8E6BFA9
                                                                                                                                                                                                                                                                                            SHA1:88CB87AF50EA4999E2079D9269CE64C8EB1A584E
                                                                                                                                                                                                                                                                                            SHA-256:4F9AC5A094E9B1B4F0285E6E69C2E914E42DCC184DFE6FE93894F8E03CA6C193
                                                                                                                                                                                                                                                                                            SHA-512:BFC32F9A20E30045F5207446C6AB6E8EF49A3FD7A5A41491C2242E10FEE8EFD2F82F81C3FF3BF7681E5E660FDE065A315A89D87E9F488C863421FE1D6381BA3B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host - 8.0.11 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host - 8.0.11 (x64)., Template: x64;1033, Revision Number: {821DC2A6-AEB1-4796-80C6-7F7EC027B94F}, Create Time/Date: Thu Oct 17 23:43:58 2024, Last Saved Time/Date: Thu Oct 17 23:43:58 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.9323), Security: 2
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):720896
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.4600879618022065
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:mLNzV1EgXmEI3os2Qx7E4D4Rxbp4K+1uiqG:ezXdc3/7Rin+su
                                                                                                                                                                                                                                                                                            MD5:AEF2D4D02B45FA95D8ABCAC57E60D21B
                                                                                                                                                                                                                                                                                            SHA1:11C91E25DCF7F1357AB0FB0A6307A71B45DAB754
                                                                                                                                                                                                                                                                                            SHA-256:EBE13E660C208681E2F1C10FA59D8B37540F2E6187751703FA5BBB5F4B300EB1
                                                                                                                                                                                                                                                                                            SHA-512:C78E41D5B2C845C106B088881CF72DDDF64BE09F72D7AC6078E944E7C9F6AFB428E0BAD7FEC45BB539AD04694467FC302E0A915522123FE02F80BFE1762C2EF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4718640
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.577411582364798
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:k3H5BNwueVRfsCljR+cCD+EA5IxtenSzRGPCjtQa3yRWbWJNf:k3H5BNMsCFRi+9nWzQaOgc
                                                                                                                                                                                                                                                                                            MD5:08211C29E0D617A579FFA2C41BDE1317
                                                                                                                                                                                                                                                                                            SHA1:4991DAE22D8CDC6CA172AD1846010E3D9E35C301
                                                                                                                                                                                                                                                                                            SHA-256:3334A7025FF6CD58D38155A8F9B9867F1A2D872964C72776C9BF4C50F51F9621
                                                                                                                                                                                                                                                                                            SHA-512:D6AE36A09745FDD6D0D508B18EB9F3499A06A7EEAFA0834BB47A7004F4B7D54F15FEC0D0A45B7E6347A85C8091CA52FE4C679F6F23C3668EFE75A660A8CE917F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI1620.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):182768
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.29474871459677
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:M3hCcV2YVWR8xSSIqeCjEIz+hZvgvE5Q+yq8MPdJ0xH:ErTz9Pj/Ag/+XPw
                                                                                                                                                                                                                                                                                            MD5:9ED1749276D20BE78D5E7A30D658C484
                                                                                                                                                                                                                                                                                            SHA1:EAAEA2656A63366A888955CE030E091FEA70F0F6
                                                                                                                                                                                                                                                                                            SHA-256:61F398C652504FEE07AF12AC50D4A70ECFF641234A4EDA59C68EC937B6D80C96
                                                                                                                                                                                                                                                                                            SHA-512:33ACF0BDBD1F33526D348A47BC00963843FC72EB203DF07D0136110109C892FB20AA9D3147204F958B95D750F7F98EB5DF3C387ED4B8802B7F929F201B41E90F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI1BDE.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):224328
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.660576026391609
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:FVzl3qiEZybztEwiUx6D02cWVsV1v2vZR3X6j7zo6k2FkngTLrOrORT9flQnS6lg:FVIMEgXmEAR3oHon2VaFuG0eEp
                                                                                                                                                                                                                                                                                            MD5:928F4B0FC68501395F93AD524A36148C
                                                                                                                                                                                                                                                                                            SHA1:084590B18957CA45B4A0D4576D1CC72966C3EA10
                                                                                                                                                                                                                                                                                            SHA-256:2BF33A9B9980E44D21D48F04CC6AC4EED4C68F207BD5990B7D3254A310B944AE
                                                                                                                                                                                                                                                                                            SHA-512:7F2163F651693F9B73A67E90B5C820AF060A23502667A5C32C3BEB2D6B043F5459F22D61072A744089D622C05502D80F7485E0F86EB6D565FF711D5680512372
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):69889
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.644080386813573
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:FoIzNdxb3zQouDaRAsZdBuW2GpgmqpQAu:bRb3RRdBuJZ9pRu
                                                                                                                                                                                                                                                                                            MD5:B6E22A21C13629B4DFC1A24A8396220C
                                                                                                                                                                                                                                                                                            SHA1:DBEDFFCA87F0554A7E4305A6E99B31360338467C
                                                                                                                                                                                                                                                                                            SHA-256:D2F3111D329349D2E8534B1E31DB2711420D708C5518EC2978A1314AFD29F943
                                                                                                                                                                                                                                                                                            SHA-512:DAF7C105D4FEBFF995759BC862A5BDB207D9BA3DF53A8E35F363C1073C36A29D4DBBAD61C27FD6C688F1FA0EDAD7DF8B0E03BF98AE5BBFD369236B32E1813503
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.X.Z.@.....@.....@.....@.....@.....@......&.{9C80213E-9079-4561-8D57-1FDD0D62251F}%.Microsoft .NET Runtime - 8.0.11 (x64)!.dotnet-runtime-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{D9788553-CDFF-4792-87FA-89ADA20ADBA7}.....@.....@.....@.....@.......@.....@.....@.......@....%.Microsoft .NET Runtime - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{F81D99A3-0880-5654-AED5-B1AA39FA6285}R.02:\Software\Classes\Installer\Dependencies\dotnet_runtime_64.44.23191_x64\Version.@.......@.....@.....@......&.{E6B3315F-85DE-56F4-AA3E-2A4820293382}D.C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\.version.@.......@.....@.....@......&.{115BDECA-5A1C-5E3D-8EC7-4C45804415E5}H.C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.11\clretwrc.dll.@.......@.....@.....@......&.{605499FF-1868-5A10-9952-9F413E0E17EA}E.C:\Pr
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI2E00.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):437333
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.648070093132552
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:ct3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4Ks8:szOE2Z34KGzOE2Z34Kv
                                                                                                                                                                                                                                                                                            MD5:DB3C505D7DC1BEC0C088A2E1FC01D86B
                                                                                                                                                                                                                                                                                            SHA1:52C9D169F40DEC928DA502A4222FEA42A17033B1
                                                                                                                                                                                                                                                                                            SHA-256:ADB42CAC11404283C39B3B50786729B11DB488F92866C0DC1A4294A3A14EBACE
                                                                                                                                                                                                                                                                                            SHA-512:D4FFB721EBB8E69324DA2BC1606A16067885CFDCFCD06D0F3462B42DCD4DA3BAFC128473371E4806B7AE5F965648B24142DF3EE92A686288693C2D80974AA060
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI3256.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@;X.Z.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..PropostaOrcamentoPdf.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[.........
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):216496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):216496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):216496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI4A38.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):224328
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.660576026391609
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:FVzl3qiEZybztEwiUx6D02cWVsV1v2vZR3X6j7zo6k2FkngTLrOrORT9flQnS6lg:FVIMEgXmEAR3oHon2VaFuG0eEp
                                                                                                                                                                                                                                                                                            MD5:928F4B0FC68501395F93AD524A36148C
                                                                                                                                                                                                                                                                                            SHA1:084590B18957CA45B4A0D4576D1CC72966C3EA10
                                                                                                                                                                                                                                                                                            SHA-256:2BF33A9B9980E44D21D48F04CC6AC4EED4C68F207BD5990B7D3254A310B944AE
                                                                                                                                                                                                                                                                                            SHA-512:7F2163F651693F9B73A67E90B5C820AF060A23502667A5C32C3BEB2D6B043F5459F22D61072A744089D622C05502D80F7485E0F86EB6D565FF711D5680512372
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):224328
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.660576026391609
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:FVzl3qiEZybztEwiUx6D02cWVsV1v2vZR3X6j7zo6k2FkngTLrOrORT9flQnS6lg:FVIMEgXmEAR3oHon2VaFuG0eEp
                                                                                                                                                                                                                                                                                            MD5:928F4B0FC68501395F93AD524A36148C
                                                                                                                                                                                                                                                                                            SHA1:084590B18957CA45B4A0D4576D1CC72966C3EA10
                                                                                                                                                                                                                                                                                            SHA-256:2BF33A9B9980E44D21D48F04CC6AC4EED4C68F207BD5990B7D3254A310B944AE
                                                                                                                                                                                                                                                                                            SHA-512:7F2163F651693F9B73A67E90B5C820AF060A23502667A5C32C3BEB2D6B043F5459F22D61072A744089D622C05502D80F7485E0F86EB6D565FF711D5680512372
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2798
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.742925747787116
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:6Lxo9BHc83ebhIpqUHMb6P39ez1kfQxbD8SBhron4K7GeU1DanboJeEysoiD2k+g:6Lxo9BHHqYHP6xPHro4xe6OboJeE7oih
                                                                                                                                                                                                                                                                                            MD5:D7851D9CFC5B246E7DCA528BC47C9FA8
                                                                                                                                                                                                                                                                                            SHA1:DCE9ACC2684BEF8DF243C4282C6E1D25F3F6D94C
                                                                                                                                                                                                                                                                                            SHA-256:C87D7538CEDB1DC3147428A0DD8A577DFD9250DEA2C4491B18AE560A5CFCBDBB
                                                                                                                                                                                                                                                                                            SHA-512:A3C7694E3CBA6D8588D8BFBC1EF8A7AF308375161F7A15A9C49CDC48FB6E827C1ADAD26ED69D4212434F49F1B49E65DBCB7F80BA8161C3F33466C76561DCAFD3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.X.Z.@.....@.....@.....@.....@.....@......&.{F59C11F0-D73F-452B-8D1D-8C33B82D8507}..Microsoft .NET Host FX Resolver - 8.0.11 (x64)!.dotnet-hostfxr-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{EBC96263-55B4-4BCE-B9C8-B460A20F0BE4}.....@.....@.....@.....@.......@.....@.....@.......@......Microsoft .NET Host FX Resolver - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{4FD6DFC4-5859-531B-9E4A-DE2781CCA754}V.02:\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_64.44.23191_x64\Version.@.......@.....@.....@......&.{88F54D57-4C26-5E97-B6AB-FB77E26C265C}3.C:\Program Files\dotnet\host\fxr\8.0.11\hostfxr.dll.@.......@.....@.....@......&.{8EC524B8-7864-5ACE-B320-2D36216EBC12}?.02:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\hostfxr\Version.@.......@.....@.....@........InstallFiles..Copying new files&.File: [1], Dire
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):224328
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.660576026391609
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:FVzl3qiEZybztEwiUx6D02cWVsV1v2vZR3X6j7zo6k2FkngTLrOrORT9flQnS6lg:FVIMEgXmEAR3oHon2VaFuG0eEp
                                                                                                                                                                                                                                                                                            MD5:928F4B0FC68501395F93AD524A36148C
                                                                                                                                                                                                                                                                                            SHA1:084590B18957CA45B4A0D4576D1CC72966C3EA10
                                                                                                                                                                                                                                                                                            SHA-256:2BF33A9B9980E44D21D48F04CC6AC4EED4C68F207BD5990B7D3254A310B944AE
                                                                                                                                                                                                                                                                                            SHA-512:7F2163F651693F9B73A67E90B5C820AF060A23502667A5C32C3BEB2D6B043F5459F22D61072A744089D622C05502D80F7485E0F86EB6D565FF711D5680512372
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):224328
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.660576026391609
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:FVzl3qiEZybztEwiUx6D02cWVsV1v2vZR3X6j7zo6k2FkngTLrOrORT9flQnS6lg:FVIMEgXmEAR3oHon2VaFuG0eEp
                                                                                                                                                                                                                                                                                            MD5:928F4B0FC68501395F93AD524A36148C
                                                                                                                                                                                                                                                                                            SHA1:084590B18957CA45B4A0D4576D1CC72966C3EA10
                                                                                                                                                                                                                                                                                            SHA-256:2BF33A9B9980E44D21D48F04CC6AC4EED4C68F207BD5990B7D3254A310B944AE
                                                                                                                                                                                                                                                                                            SHA-512:7F2163F651693F9B73A67E90B5C820AF060A23502667A5C32C3BEB2D6B043F5459F22D61072A744089D622C05502D80F7485E0F86EB6D565FF711D5680512372
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4235
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.715695649288444
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:RLKz/5peVPQHLx7705bAAKD6uce6K4D/kmEP8s:92SUx7unA6uce6umW7
                                                                                                                                                                                                                                                                                            MD5:A45D605D5BC206351BE78FCCFF94399B
                                                                                                                                                                                                                                                                                            SHA1:841AFED9BF73CDC00DBEF3D97BCABC17CC5D8C91
                                                                                                                                                                                                                                                                                            SHA-256:BD0D8B98D35CEE3A38357E549A98B4869550FBB48CFDDCF86AA3B04B33419617
                                                                                                                                                                                                                                                                                            SHA-512:91EE706EDD5C2D616EBDC2E1E0436A089B67A0D4D4A013F54E8E6162160F8216E276818BC9E455A1C38792357F86D413F4ADD40417E01C08E9AE22FE42EBE167
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.X.Z.@.....@.....@.....@.....@.....@......&.{362B4D0D-8438-44DA-86B2-FEC44E000FCA}".Microsoft .NET Host - 8.0.11 (x64)..dotnet-host-8.0.11-win-x64.msi.@.....@.Z,@.@.....@........&.{821DC2A6-AEB1-4796-80C6-7F7EC027B94F}.....@.....@.....@.....@.......@.....@.....@.......@....".Microsoft .NET Host - 8.0.11 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{7ECCA0D4-8C88-50DD-A538-CDC29B9350D1}Q.02:\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Version.@.......@.....@.....@......&.{45399BBB-DDA5-4386-A2E9-618FB3C54A18}".C:\Program Files\dotnet\dotnet.exe.@.......@.....@.....@......&.{EA9C3F98-F9B1-5212-8980-CFEAF2B15E0D}B.22:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost\Version.@.......@.....@.....@......&.{E4E008C8-57A8-5040-BB34-03024B15B6C5}?.02:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\Install
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):224328
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.660576026391609
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:FVzl3qiEZybztEwiUx6D02cWVsV1v2vZR3X6j7zo6k2FkngTLrOrORT9flQnS6lg:FVIMEgXmEAR3oHon2VaFuG0eEp
                                                                                                                                                                                                                                                                                            MD5:928F4B0FC68501395F93AD524A36148C
                                                                                                                                                                                                                                                                                            SHA1:084590B18957CA45B4A0D4576D1CC72966C3EA10
                                                                                                                                                                                                                                                                                            SHA-256:2BF33A9B9980E44D21D48F04CC6AC4EED4C68F207BD5990B7D3254A310B944AE
                                                                                                                                                                                                                                                                                            SHA-512:7F2163F651693F9B73A67E90B5C820AF060A23502667A5C32C3BEB2D6B043F5459F22D61072A744089D622C05502D80F7485E0F86EB6D565FF711D5680512372
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):182768
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.29474871459677
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:M3hCcV2YVWR8xSSIqeCjEIz+hZvgvE5Q+yq8MPdJ0xH:ErTz9Pj/Ag/+XPw
                                                                                                                                                                                                                                                                                            MD5:9ED1749276D20BE78D5E7A30D658C484
                                                                                                                                                                                                                                                                                            SHA1:EAAEA2656A63366A888955CE030E091FEA70F0F6
                                                                                                                                                                                                                                                                                            SHA-256:61F398C652504FEE07AF12AC50D4A70ECFF641234A4EDA59C68EC937B6D80C96
                                                                                                                                                                                                                                                                                            SHA-512:33ACF0BDBD1F33526D348A47BC00963843FC72EB203DF07D0136110109C892FB20AA9D3147204F958B95D750F7F98EB5DF3C387ED4B8802B7F929F201B41E90F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):171064
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.093983981233022
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:jq44uv69SIrScxe0IZNJ+x+uk+hZPDFNkXAO4VR:jfn2Slcxe0Fc9CcQO2
                                                                                                                                                                                                                                                                                            MD5:E80F90724939D4F85FC49DE2460B94B5
                                                                                                                                                                                                                                                                                            SHA1:512EA4DEBA1C97CC7EC394BCE0E4A32CD497176E
                                                                                                                                                                                                                                                                                            SHA-256:8041D3CCBAFA491D35F70030C3AFEBA683B0235BED24F242878D04C7E87B8687
                                                                                                                                                                                                                                                                                            SHA-512:9494F1CD058DC3923E4F562D8ED2EDF3D252F519EFC6DB4F1B5289D8A1B841A6CB927E14D33DAB98E0BD4D22A5A473B8CD9424F77213527FBE0C183126356767
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4718640
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.577411582364798
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:k3H5BNwueVRfsCljR+cCD+EA5IxtenSzRGPCjtQa3yRWbWJNf:k3H5BNMsCFRi+9nWzQaOgc
                                                                                                                                                                                                                                                                                            MD5:08211C29E0D617A579FFA2C41BDE1317
                                                                                                                                                                                                                                                                                            SHA1:4991DAE22D8CDC6CA172AD1846010E3D9E35C301
                                                                                                                                                                                                                                                                                            SHA-256:3334A7025FF6CD58D38155A8F9B9867F1A2D872964C72776C9BF4C50F51F9621
                                                                                                                                                                                                                                                                                            SHA-512:D6AE36A09745FDD6D0D508B18EB9F3499A06A7EEAFA0834BB47A7004F4B7D54F15FEC0D0A45B7E6347A85C8091CA52FE4C679F6F23C3668EFE75A660A8CE917F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4718640
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.577411582364798
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:k3H5BNwueVRfsCljR+cCD+EA5IxtenSzRGPCjtQa3yRWbWJNf:k3H5BNMsCFRi+9nWzQaOgc
                                                                                                                                                                                                                                                                                            MD5:08211C29E0D617A579FFA2C41BDE1317
                                                                                                                                                                                                                                                                                            SHA1:4991DAE22D8CDC6CA172AD1846010E3D9E35C301
                                                                                                                                                                                                                                                                                            SHA-256:3334A7025FF6CD58D38155A8F9B9867F1A2D872964C72776C9BF4C50F51F9621
                                                                                                                                                                                                                                                                                            SHA-512:D6AE36A09745FDD6D0D508B18EB9F3499A06A7EEAFA0834BB47A7004F4B7D54F15FEC0D0A45B7E6347A85C8091CA52FE4C679F6F23C3668EFE75A660A8CE917F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):563559
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.78394482359923
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:8wSv7f8m8end5Xy+1kvI8k9W91iVXuXskIhf:8Jh8edk+1kv5K+Whf
                                                                                                                                                                                                                                                                                            MD5:6D251E9ED58805EFF4438123BD8B77CC
                                                                                                                                                                                                                                                                                            SHA1:F998368E04B3E549106283C190910EACE4A11451
                                                                                                                                                                                                                                                                                            SHA-256:10F5FA794E2C04EE451833AC472A61DFB955A10253944668806FB0DB380B9E47
                                                                                                                                                                                                                                                                                            SHA-512:2BE6C114F2F380FC22D57EBB1BA8BE2388EE1731FC976727BBBB93A255276BC74F1E29D1EF9329B32B54E7287BA45FB14292F991735080BF4C802AF00C4DB622
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.X.Z.@.....@.....@.....@.....@.....@......&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}..Splashtop Streamer..setup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{1FFB34B4-02B4-4EEE-ACA4-24941A8EDEE5}.....@.....@.....@.....@.......@.....@.....@.......@......Splashtop Streamer......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{3D8827C3-3F73-4AD7-9420-7CA93653C8F2}2.C:\Program Files (x86)\Splashtop\Splashtop Remote\.@.......@.....@.....@......&.{61B538AB-B209-C01B-F95C-B0A0531054D2}M.C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Acknowledgements.htm.@.......@.....@.....@......&.{3742F778-8BAC-9729-A5BE-712DA9BEB95A}@.C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\.@.......@.....@.....@......&.{ADBB7064-411F-E593-D901-EACB3BA8154E}Z.C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\install_dr
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIA90D.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIADE0.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):521954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                            MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                            SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                            SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                            SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25600
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                            MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                            SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                            SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                            SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSICD60.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1538
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                            MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                            SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                            SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                            SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):184240
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                            MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                            SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                            SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                            SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):711952
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                            MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                            SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                            SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                            SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61448
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                            MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                            SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                            SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                            SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):435976
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.65146349665531
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:Lt3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4Kse:ZzOE2Z34KGzOE2Z34K5
                                                                                                                                                                                                                                                                                            MD5:FB3FCA85923594C1E1AE23492E47EF65
                                                                                                                                                                                                                                                                                            SHA1:CD3A107C85C2178E3AA38F872D77A5F40CD90B83
                                                                                                                                                                                                                                                                                            SHA-256:8C183F24EB5FFFF6F6AEC32DFE56CE56807971CF6F1365F53706C49D141BBEDD
                                                                                                                                                                                                                                                                                            SHA-512:6AF5C57971B5871AA859EDD27CFAEFBF002642F2E112ABCC34A34878D88E128716FD3D73526D3A7DC4D5B507737E2D221F70F3647E04CAF9658B1C8E197F5C57
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSID725.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@tX.Z.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..PropostaOrcamentoPdf.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........InstallInitialize......&.{18F64F52-CE08-434F-A5F1-7A8A39D59EEA}....&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}c.&.{18F64F52-CE08-434F-A5F1-7A8A39D59EEA}............StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@..........
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):216496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4718640
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.577411582364798
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:k3H5BNwueVRfsCljR+cCD+EA5IxtenSzRGPCjtQa3yRWbWJNf:k3H5BNMsCFRi+9nWzQaOgc
                                                                                                                                                                                                                                                                                            MD5:08211C29E0D617A579FFA2C41BDE1317
                                                                                                                                                                                                                                                                                            SHA1:4991DAE22D8CDC6CA172AD1846010E3D9E35C301
                                                                                                                                                                                                                                                                                            SHA-256:3334A7025FF6CD58D38155A8F9B9867F1A2D872964C72776C9BF4C50F51F9621
                                                                                                                                                                                                                                                                                            SHA-512:D6AE36A09745FDD6D0D508B18EB9F3499A06A7EEAFA0834BB47A7004F4B7D54F15FEC0D0A45B7E6347A85C8091CA52FE4C679F6F23C3668EFE75A660A8CE917F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14156723
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.577386995018951
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:393216:EBSFRi+5WsaOg1BSFRi+5WsaOgyBSFRi+5WsaOgG:TNWLOgKNWLOgZNWLOgG
                                                                                                                                                                                                                                                                                            MD5:6EFAE24ADA8B551B802D4C8BE9F094BE
                                                                                                                                                                                                                                                                                            SHA1:6311A86DE7F95A75451C132C8972106CA1A19B2C
                                                                                                                                                                                                                                                                                            SHA-256:46B469A08B2E0FCCA3E52ABE32324F78C6DC05C70E626B392D046682343EA1C0
                                                                                                                                                                                                                                                                                            SHA-512:D33CCC7E5BE3F13FE7069EE1375BD56CB8D72F5C491A57EF02A98CDF3135B0CEF67EAF228AF3C5948BE013CC3F4ADA8DCA6E42AD081CBA1886D7C5C68940002D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.X.Z.@.....@.....@.....@.....@.....@......&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}..Splashtop Streamer..setup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{1FFB34B4-02B4-4EEE-ACA4-24941A8EDEE5}.....@.....@.....@.....@.......@.....@.....@.......@......Splashtop Streamer......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........Util_UpdateSetting....J...Util_UpdateSetting.@......0.H.MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.[...[...[....;..R....:..C....;..Z....:.......:..........\.......Z......^.......L...[........;..#....;..Z....;..Z...[...Z....;..Z...Rich[...........PE..L....;.d...........!.....l...........[....................................................@.............................g;...a.......p.......................P...7......8............................ ..@...............H...H\.......................text...2f...
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4718640
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.577411582364798
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:k3H5BNwueVRfsCljR+cCD+EA5IxtenSzRGPCjtQa3yRWbWJNf:k3H5BNMsCFRi+9nWzQaOgc
                                                                                                                                                                                                                                                                                            MD5:08211C29E0D617A579FFA2C41BDE1317
                                                                                                                                                                                                                                                                                            SHA1:4991DAE22D8CDC6CA172AD1846010E3D9E35C301
                                                                                                                                                                                                                                                                                            SHA-256:3334A7025FF6CD58D38155A8F9B9867F1A2D872964C72776C9BF4C50F51F9621
                                                                                                                                                                                                                                                                                            SHA-512:D6AE36A09745FDD6D0D508B18EB9F3499A06A7EEAFA0834BB47A7004F4B7D54F15FEC0D0A45B7E6347A85C8091CA52FE4C679F6F23C3668EFE75A660A8CE917F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):437217
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.647822865762189
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:Qt3jOZy2KsGU6a4Kspt3jOZy2KsGU6a4Ksw:ozOE2Z34K+zOE2Z34Kh
                                                                                                                                                                                                                                                                                            MD5:6FB02264A979724F4EEB428945A78AFE
                                                                                                                                                                                                                                                                                            SHA1:2F49E0243173321726F7974C7358016BF0C99C2B
                                                                                                                                                                                                                                                                                            SHA-256:EF02CC78B647F0EE535AC632766864B618BD34A335B3A012262CB7D84C53F284
                                                                                                                                                                                                                                                                                            SHA-512:335219DDE24E6A4C7F998C27A9E0905CE346AEAC3292B5058DDAAA581627DA7EBE9630F2775F78E2932AC87C225D0A4AB771C7A59D7B1EF3574564DB63A724AE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIFDBC.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@yX.Z.@.....@.....@.....@.....@.....@......&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}..AteraAgent..ateraAgentSetup64_1_8_7_2.msi.@.....@.....@.....@........&.{911E9E2F-B38D-4D02-A148-5E49FC9D8943}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[....
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):216496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):216496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):216496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                            MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                            SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                            SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                            SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.1716568893647141
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:JSbX72FjqAGiLIlHVRpph/7777777777777777777777777vDHFCel9YXWl0i8Q:JQQI5dj9EF
                                                                                                                                                                                                                                                                                            MD5:C5200F50CBEBEC015413574D18D1AFF9
                                                                                                                                                                                                                                                                                            SHA1:FA85CAAB7941A96AB9D217C76DF0968D688D74C2
                                                                                                                                                                                                                                                                                            SHA-256:0083763738FDFA6D34678A7C1DED0C9C364ECD6E13C3D330D00881CA019BB482
                                                                                                                                                                                                                                                                                            SHA-512:7DFB15BF2BC930A6E874C7E1D95325269522B89B7CC04CFB930840AE8ADEC8518A062B0A3B44AA36E6A24B1BDBB1A59E481BDD6A5618D4B3CE41F767FB4AF6BC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.1728063395920545
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:JSbX72FjqS6AGiLIlHVRpIh/7777777777777777777777777vDHFzTPrfWrl0i5:JMS6QI5wBTr/F
                                                                                                                                                                                                                                                                                            MD5:F472BF803549C92476ADFB182DCBE3A8
                                                                                                                                                                                                                                                                                            SHA1:9D9BD2B9035C47AF109FF58EFE7DE3D63F222294
                                                                                                                                                                                                                                                                                            SHA-256:7470649DCDEE1DBAE107258DAAE7A0983D53282C16AB26A016D04D0B65711D11
                                                                                                                                                                                                                                                                                            SHA-512:8EC272FAF272DB4694DF48187BE00BF2A1088060C6C648A16F035D2DF0FC2F20AB52F82D2E7E0FB79E9F84A82AF29D4EE739EF13E617BC46EC6CFFC360AFD5E4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.1754957014637064
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:JSbX72FjwpAGiLIlHVRpUh/7777777777777777777777777vDHFz6vYF/Xl0i8Q:JqQI5Ex6v06F
                                                                                                                                                                                                                                                                                            MD5:4F1013FA9620EE2BC994CA782EE64291
                                                                                                                                                                                                                                                                                            SHA1:C5BD8855E67B0A6DE0021795BE8235B77D95CA41
                                                                                                                                                                                                                                                                                            SHA-256:83D20D1EB0D3021E76D8C872E28C1068D4DB7E3B9880ADD19BCC3C972AEAC720
                                                                                                                                                                                                                                                                                            SHA-512:95A66D4185B6DED27B56316CF1FF3DEE4319A816D30E4C2CBA46C55EB3BD6A3575BF73DCB56006D22DF7AA418E0FEC64BA5EF2DC226B95B96F8ECE622A999C15
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.162027706547586
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:JSbX72Fjs26AGiLIlHVRpMh/7777777777777777777777777vDHFq0lp3Xl0i8Q:JG26QI5cFb6F
                                                                                                                                                                                                                                                                                            MD5:C6CBF505B768361E1C88FA62A3D97FD4
                                                                                                                                                                                                                                                                                            SHA1:197BE851476B1E143433B8D026B64C73A48BA870
                                                                                                                                                                                                                                                                                            SHA-256:F1D2028F45DDF0AEC1905846263E1D84612213D639C6B713CDA9FD54CC888964
                                                                                                                                                                                                                                                                                            SHA-512:733C6986D95DF4891DA3DCC7EAFD9D9401384411FCAB4C54234D3F14BE1EBC96077115B650BADFE469BEBAA1877ABF4D8FA01F29FA06E0AAA14A759640BBF06C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.1702173653204517
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:JSbX72Fjlt6AGiLIlHVRpDh/7777777777777777777777777vDHFLGy/MDIpyMz:Jx6QI5nTkUeF
                                                                                                                                                                                                                                                                                            MD5:92D860931EFBDC96CA4A7A297677B9D7
                                                                                                                                                                                                                                                                                            SHA1:986D4F671D2699DAACCF267D0D6BC5CAC9550198
                                                                                                                                                                                                                                                                                            SHA-256:BE547C8541735538D93977292E7524B57F24A8BE596CE59085B4EA9B788DDE50
                                                                                                                                                                                                                                                                                            SHA-512:3C10DFCCC49BF472EAB22730F5C3F20BB082A329CC7AD1FCFFAD1E1845EA309F3D1265E1846A4FF4DE1D61E7BBD18E87400FC35F6CEC526939368B42C67EECCC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.173742067580503
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:JSbX72Fj0aAGiLIlHVRpUh/7777777777777777777777777vDHF8nNU7kF/Xl0G:JeaQI5Eai7Y6F
                                                                                                                                                                                                                                                                                            MD5:BA65B1F058C975DD984850AD058356F6
                                                                                                                                                                                                                                                                                            SHA1:BFA435D005801E3F68D3A535E8A7DA2A92554292
                                                                                                                                                                                                                                                                                            SHA-256:D6CE0CB09C6FBF27370C8172CE1A77217C8DD0A6755914947A90FCD77CB4BE35
                                                                                                                                                                                                                                                                                            SHA-512:ED325ED3307CA8AF45A29418AE6F094FFCD0A3C5B2A113E3E185807A5EB02B5FF261764A944A0FDEF21A773F6F38F7F4044479E46F6927998D7742B7203AD7F5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.6002829950355284
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:M8PhTuRc06WXzmjT56dL4ByWFSjndd4d/EqdvUDjWbQiSsndd4dXE8Rb:jhT1bjTkL4EWF9WD6Ngt
                                                                                                                                                                                                                                                                                            MD5:36A9ED42FBC35AD98748C27DA78B5A57
                                                                                                                                                                                                                                                                                            SHA1:6F1431074F8A1FB922782C23B503299A75CF9E47
                                                                                                                                                                                                                                                                                            SHA-256:4C50C6E9070B44EEAE0F35E6A4AD6BF7BF8B27D63D260B214C143D6293F1C73F
                                                                                                                                                                                                                                                                                            SHA-512:EC9AAEC68BC1EF31CD36E9478C61CAC7CD543C356EA2A60FC0146C3A2392BA0CDAB6E8B5C5E42ED05B6142F7AF0C58432076431D31685DD35D4A1F5113179781
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\inprogressinstallinfo.ipi, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):454656
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.348929773767357
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:D7f8m8end5Xy+1kvI8k9W91iVXuXskIhT:/h8edk+1kv5K+WhT
                                                                                                                                                                                                                                                                                            MD5:149336F319D9AE2CA49E49FC61E834AC
                                                                                                                                                                                                                                                                                            SHA1:E00591F432E8B306A349D76BF280736E4509E49F
                                                                                                                                                                                                                                                                                            SHA-256:9E06D2D011DA7F988CF974584BB9F2D780D2460DAE92B02FF13F50FC2B3ED2E8
                                                                                                                                                                                                                                                                                            SHA-512:BF7BC7C5FCD881C2A2E19914A0C3D765BED36D63C3FF0D60C07DA4CB8072F45DA3BC0DE7605BFE83B23E0572F1B700C0B613C049DC613F7470C095AE7EC9931D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):360001
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3629843290015335
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauj:zTtbmkExhMJCIpEq
                                                                                                                                                                                                                                                                                            MD5:B69A9739018CCFFF0502E3AA871B8576
                                                                                                                                                                                                                                                                                            SHA1:62FA134B8F84150B4072A1B2C8CDCADC97279CE6
                                                                                                                                                                                                                                                                                            SHA-256:C23CD4B0C78EA710888E99CBC7D284A4B1B9FE844E21D8180BF94AC625A52291
                                                                                                                                                                                                                                                                                            SHA-512:0AA27434BD1A0FA26D6A62506B284E96F911AC3D732C42B3EFA596090CF961E5690A6707F5B836F296ABECAE76AB1EFB42388E9233CFC1F474C47939380BBFBF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):651
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.343677015075984
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
                                                                                                                                                                                                                                                                                            MD5:7EEF860682F76EC7D541A8C1A3494E3D
                                                                                                                                                                                                                                                                                            SHA1:58D759A845D2D961A5430E429EF777E60C48C87E
                                                                                                                                                                                                                                                                                            SHA-256:65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
                                                                                                                                                                                                                                                                                            SHA-512:BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):992
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.80698684663122
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:Us43XVBVhcmMRVhMipNVeBVhcmMRVhrNXpsgOh/BVhcmMRVhgOhn:unVBXPSXM6eBXPSXF5oBXPSXgc
                                                                                                                                                                                                                                                                                            MD5:6B5E884C444C144B6DAAE5BC900B95E4
                                                                                                                                                                                                                                                                                            SHA1:6BF293C52848351592CFDE7737C5C798E1805E9F
                                                                                                                                                                                                                                                                                            SHA-256:7064C7447B52ABBBFA006C9BA35E4C96704234BEC90C8742BE3C4B85DE3AB4F7
                                                                                                                                                                                                                                                                                            SHA-512:DB0EF22A9A81203C16922479274416A22BC6DB9ED1AD61366D00BAC1AD6CCA4046D93052BB55D50DFDD67FF599F7CFA9C8426EBB0BF11C1CAB0871EE613BFDF7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\System32\InstallUtil.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                            Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Commit phase completed successfully.....The transacted install has completed.......The uninstall is beginning...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The uninstall has completed...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):114880
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.451391432012121
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:5JvMaAG6kqor6FrZbt0zfIagnbSLDIIfF61rAOkC7IWQ:5NMPG65I6Zb+gbE8qF61B8x
                                                                                                                                                                                                                                                                                            MD5:4DB3A53990B8F43FB45001343594076D
                                                                                                                                                                                                                                                                                            SHA1:2C0140DA5ACA081C774C533F7CAE025F8936975C
                                                                                                                                                                                                                                                                                            SHA-256:47984509F9A9898C3E74CF43D858E89CF318DBD6590630BCF23EDD6A14FA8974
                                                                                                                                                                                                                                                                                            SHA-512:A612531C757E9597AFEF4F45292A0D4CB2F149DF5C031ACFCA2C63B8D319224347DEC32A2F134F06E2E7B9D81EB1626FC9A7DFCCACCCD529692752738D83C727
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):114880
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.451391432012121
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:5JvMaAG6kqor6FrZbt0zfIagnbSLDIIfF61rAOkC7IWQ:5NMPG65I6Zb+gbE8qF61B8x
                                                                                                                                                                                                                                                                                            MD5:4DB3A53990B8F43FB45001343594076D
                                                                                                                                                                                                                                                                                            SHA1:2C0140DA5ACA081C774C533F7CAE025F8936975C
                                                                                                                                                                                                                                                                                            SHA-256:47984509F9A9898C3E74CF43D858E89CF318DBD6590630BCF23EDD6A14FA8974
                                                                                                                                                                                                                                                                                            SHA-512:A612531C757E9597AFEF4F45292A0D4CB2F149DF5C031ACFCA2C63B8D319224347DEC32A2F134F06E2E7B9D81EB1626FC9A7DFCCACCCD529692752738D83C727
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):471
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.063446747051874
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:JyYOp5GLsHBRHWemMep166KmbVbNBIdsS:JROpILsH+Ma6LoJPgsS
                                                                                                                                                                                                                                                                                            MD5:9A39ADC95FB1464D253A22DCC2DC14E5
                                                                                                                                                                                                                                                                                            SHA1:6E34744D17C588A8E0F94869B03AB62D0F44E644
                                                                                                                                                                                                                                                                                            SHA-256:6639E71FFEC722986995500ED8A380C4B3964136813809EC9D126C5CFCE87DA1
                                                                                                                                                                                                                                                                                            SHA-512:644CB184A0B5B8E7190A6F130922B162CEDFCAE797746D7FB340B0F8C7BBAB05755E2CE97D4AA506A6CA39328900A98544B402CFF2ED4EB6552BD5441D0419FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):727
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.5079461125114415
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:5o6Tq9lc5h44TUq99LUkVAi1JT/wMyNCRC22+TB7CD7AXa73I3k02eeAS/W2EQWj:5kcoqPUFi1lwMys9ZCDV1e7iWGyZn
                                                                                                                                                                                                                                                                                            MD5:1BB19C410E02CA6D5F8295A3FA85563E
                                                                                                                                                                                                                                                                                            SHA1:285A640DFA6CCB9132CB7DBFAEBB14B237DAE87C
                                                                                                                                                                                                                                                                                            SHA-256:ADFC1E9F6C3BECEBB814C57E5EA2FA8F5F4371BFCF4C1B7BAE1088A2B5F53566
                                                                                                                                                                                                                                                                                            SHA-512:0734302FAE2DA55BF9E6574BC175CBA4BD0D53BF379A0799A2D90D3C0471529D219AE3CE08A4E22AF951DEDA73082BB5DD398B59ECE8725C15959E5D4BAFD51F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):737
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.565780603065243
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:yeRLaWQMnFQlRBUgKFfBxQuix9SkgJ6RcKih9gPmd91KONLyjMGS6SKs4gua4zqK:y2GWnSigKtAH9EJ6M9gPmfL0MGS5Kk8N
                                                                                                                                                                                                                                                                                            MD5:0E14DB06920C2D2E50D2071941218738
                                                                                                                                                                                                                                                                                            SHA1:A757F434B4219FAFF8AF80DC144B3ADE934D56C5
                                                                                                                                                                                                                                                                                            SHA-256:CECA014E85F774C72F95CD9F9ECA7BF8338643101FA58B27A5838764C143D715
                                                                                                                                                                                                                                                                                            SHA-512:9A16C11661DD18F7CA45F92921D84D42A0C178176A22570D1C50F26FD7E3168B97AFB721CDAFEB51E485520C2AE4B2BCB7628C048BF38636C6C20310B3E66605
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1716
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                                                                            MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                                                                            SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                                                                            SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                                                                            SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):727
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.5280330787861836
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:5onfZfVc5RlRtBfQjcHsFBtOLw/VOZl+7e87auxjTe3zg4ElBSvwkNE:5iBVcdZA6MtOcOZlhklxj6guvNNE
                                                                                                                                                                                                                                                                                            MD5:5C0AA48299F60746526052C72F06E161
                                                                                                                                                                                                                                                                                            SHA1:1DD200CD75643C9EC75DCE015AE0736662E60E8D
                                                                                                                                                                                                                                                                                            SHA-256:D49C0C053E9BD9660FEFC28B44EB51EB8042253F6728626EFB165F6064DE19CC
                                                                                                                                                                                                                                                                                            SHA-512:2897E05D1903FF8ABD8D15E42E95704219488116CB2D307E1613EF0B5ECE1CD95F59AD817DE89B0106F555D80CA36B6519E890292E05BB84DFDDF848C6B13F5C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1428
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                                                                            MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                                                                            SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                                                                            SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                                                                            SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):306
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.251267312291351
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:kkFkl0tB/tfllXlE/J4Dbslf/lS8WXdA31y+NW0y1YboOai2WelVJUTMVDXlVklu:kKlrQ4MyAUSW0P3PeXJUwh8lmi36lT+k
                                                                                                                                                                                                                                                                                            MD5:5F5B76A7E8727A98E80249CE0A27987F
                                                                                                                                                                                                                                                                                            SHA1:D3FE970B30BE3A5CB53E5A7EBF15B3156619BC2B
                                                                                                                                                                                                                                                                                            SHA-256:F47561B23CEF83060137D58C351F3D8F656B743E9A56130AF037F73220FC0805
                                                                                                                                                                                                                                                                                            SHA-512:A778E55B8A0071972A1C91F36FC273E9B83C8C67A9CFCB4EAFAE4D3003A4DF9896876FE8E36352F9BD46F2CB3F7061F66598168AD26DD3742FB2ADED434CEEF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:p...... ........t.8.....(....................................................... ..........U.f......"...............h.t.t.p.:././.c.r.l.3...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.l...".6.7.8.6.6.3.5.d.-.1.c.0.c.0."...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):306
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.2714137078350785
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:kkFkl1Cv1fllXlE/J4Db9nn/lS8kIdA31y+NW0y1YboOai2WelVJUTMVDXlVklmh:kKLw4lmOAUSW0P3PeXJUwh8lmi36lT+k
                                                                                                                                                                                                                                                                                            MD5:408B803A976A765B578553AE2411EB79
                                                                                                                                                                                                                                                                                            SHA1:9876962006ADD5B72CF1D28B8E40A3359BB57F2F
                                                                                                                                                                                                                                                                                            SHA-256:834835F7010B71A9F4491D2FF169489DA8A6C576D1DD1AF1ED60D2C64D2CA8FE
                                                                                                                                                                                                                                                                                            SHA-512:8BC5EFF31B62753C7E260ED2D9220A08B47E961017380BE7ADBBCDB35AACF0D098E1F91DBBAE302EBE98AE14C2F6608B153F0C2501C9B9D4D0D5CD9A74E45B74
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:p...... .........,!N....(....................................................... ..........U.f......"...............h.t.t.p.:././.c.r.l.4...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.l...".6.7.8.6.6.3.5.d.-.1.c.0.c.0."...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):340
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.4335911103210948
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:kK9n48QBVhtsG7DYUN+SkQlPlEGYRMY9z+s3Ql2DUeXJlOW1:ORnt4LkPlE99SCQl2DUeXJlOA
                                                                                                                                                                                                                                                                                            MD5:3C4C88B758140988D246A6557F22F4C0
                                                                                                                                                                                                                                                                                            SHA1:9C56206024517C19F5FB55550C8E563D96BB7865
                                                                                                                                                                                                                                                                                            SHA-256:1EC8EFB50E98AD3293ABEA4D579DEF152F928D87F37D7F4D7696B57F3579BDE4
                                                                                                                                                                                                                                                                                            SHA-512:AED9D9A13B59FABDEA35C368C6443849DB2B554D23376BA9044C71F9B6729C7524FFA3B1E9479655AF0CFE1DCFDF15A098A4B67F1E097CB0139125CFD286CB6D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:p...... ........:1.._...(................................................u..#g.. ........~..MG......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".0.6.c.f.c.c.5.4.d.4.7.d.b.1.:.0."...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):400
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8272430154886816
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:kKBHO/GsXERkEUXlRNfOAUMivhClroFzCJCgO3lwuqDnlyQ4hY5isIlQhZgJn:JuOsURamxMiv8sFzD3quqDkPh8Y2ZM
                                                                                                                                                                                                                                                                                            MD5:1DBB2969013B6246038AB80458A2528C
                                                                                                                                                                                                                                                                                            SHA1:D2E5138B6665725FA40D188B7CB432DB1969EFE1
                                                                                                                                                                                                                                                                                            SHA-256:95B6E231DA3E1E34C81AD7ED9F2332BD6EFDBC5E2A579EB7D6A9F6E326A301EE
                                                                                                                                                                                                                                                                                            SHA-512:E785B3CCDC7351F0049F6346E1139020FD69BF03D2271B2CD5AD0B49EC11658023C9BFDD8510A04C5A4F68B36FE39C5ABB0C480EE2F1A8B0117D00684273131D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:p...... ..........a..f..(....................e.....=nk.....................=nk.. ...............;...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.3.x.L.4.L.Q.L.X.D.R.D.M.9.P.6.6.5.T.W.4.4.2.v.r.s.U.Q.Q.U.R.e.u.i.r.%.2.F.S.S.y.4.I.x.L.V.G.L.p.6.c.h.n.f.N.t.y.A.8.C.E.A.6.b.G.I.7.5.0.C.3.n.7.9.t.Q.4.g.h.A.G.F.o.%.3.D...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):404
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.386675515163817
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:kK3ZSJfOAUMivhClroFHXHDZA6liyZlSlMul0bg3PWovy28lhl+KscSikKYlFn:BSJmxMiv8sF3HtllJZIvOP205scn8
                                                                                                                                                                                                                                                                                            MD5:2F6E86E45E87724462FE20F9D1DDE6D2
                                                                                                                                                                                                                                                                                            SHA1:9DB8178B19105EBA760D8FA11034CF2A12901A35
                                                                                                                                                                                                                                                                                            SHA-256:CFB2F7D3F4BD11DE3C79C049A52F1F3E138C5B2C26C34A4470E0BCC5362B658C
                                                                                                                                                                                                                                                                                            SHA-512:6E06CA3FD20114FE0028B2C1F057B421E998ADE0CFA81FA72844A64E30C25555748AAABCECF1DF285D77A1FA743E2F447C2AB5863A360283AE1EF8AABD079059
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:p...... .... ....6[.....(....................................................... ...............(...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.S.R.X.e.r.F.0.e.F.e.S.W.R.r.i.p.T.g.T.k.c.J.W.M.m.7.i.Q.Q.U.a.D.f.g.6.7.Y.7.%.2.B.F.8.R.h.v.v.%.2.B.Y.X.s.I.i.G.X.0.T.k.I.C.E.A.o.o.S.Z.l.4.5.Y.m.N.9.A.o.j.j.r.i.l.U.u.g.%.3.D...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):248
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0506132053976307
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:kkFklLYDtfllXlE/xNClhl1INRR8WXdA31y+NW0y1YbXKw+l1M7GlSbeIJblOAWt:kKrDoNCzl2FAUSW0PTKDXM6lSyIPOJ
                                                                                                                                                                                                                                                                                            MD5:28CB166598DC71994D970F2BEEB1F8C5
                                                                                                                                                                                                                                                                                            SHA1:7C8F29F5F29078CB4DEF24E3D16D9907C2D5DEAE
                                                                                                                                                                                                                                                                                            SHA-256:739C94BC8B8B7A6761BCC9516AEF6446B7E40E6AAC29F26CB4C4633D4C9A0450
                                                                                                                                                                                                                                                                                            SHA-512:20F7DAF0A76D20764145C0DAA084018648BED07882C246C499ED60AFE7C9CFA6371EBCDE0C40BBA2841C3971D07B0FDE47D0B2FE4A1953BA6CB6F7ABEFA45AFD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:p...... ....f.......}..(....................................................... ..........Qa......................h.t.t.p.:././.c.r.l.3...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.l...".6.7.7.d.a.7.6.d.-.2.e.1."...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):308
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.227638664428838
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:kkFkl/tvfllXlE/YPlj/RDvcalXl+RAIdA31y+NW0y1YboOai2WelVJUTMVDXlVn:kK0jcalgRAOAUSW0P3PeXJUwh8lmi3Y
                                                                                                                                                                                                                                                                                            MD5:D3CA55C6E93C66112E656102B0F1FD78
                                                                                                                                                                                                                                                                                            SHA1:D7089B5485F9DBFFDC91A386B22449D52E427148
                                                                                                                                                                                                                                                                                            SHA-256:2EEDF4EAA54E3C228D806CF40126275DBB648975A51DAC5A85E0F824B5049A17
                                                                                                                                                                                                                                                                                            SHA-512:21034FD74ED7EFB0705AB67D5BE748ED5BC1324AFB401A47D0368B025CEA8964B8D2156E3390EF10B44271E220ED540F5A937221B583A7ADECD04293D7F55557
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:p...... ........'8m..f..(....................................................... ........}.-@@...d..................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):412
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.396999454638809
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:kKv8L/ofOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:X8EmxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                                                                                                            MD5:19F6E564C385CF05BF63BF4757FB22DA
                                                                                                                                                                                                                                                                                            SHA1:7207781C45094A29D6B8F3CF5D08CDDC21CADA55
                                                                                                                                                                                                                                                                                            SHA-256:7A9EDD507D1E4A0F30BD930F3D9BFA37314F25E219B983BE0ADE09562C8B22A5
                                                                                                                                                                                                                                                                                            SHA-512:1664B5EC7F682FDF9EDAD3926395F5CDB14D5254C863EFF637801C963760783DC6B5D8EE2455144253E87BC80D1837F75C7891C7EAD67059CFC9FB37675E7884
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:p...... ....(.......J...(....................................................... ...............q...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):254
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0808693987667217
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:kKKLD+jcalgRAOAUSW0PTKDXMOXISKlUp:iLS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                                                                            MD5:92CFF166B072B12BBCCC1B34DBCEF565
                                                                                                                                                                                                                                                                                            SHA1:C819BD0430D8C1950C1C7A1C5AF4116E9D08DD12
                                                                                                                                                                                                                                                                                            SHA-256:3080D6B6C3EBCA4764F5835EA3C533694011B65188DDE87055C44E74044C539C
                                                                                                                                                                                                                                                                                            SHA-512:D571300999DFD6B31AB3BDF6A043B94FEC9C28414CB67D13382E3BF640F19E5ACA6EA5BB6A7FF4A457AAE03192347E902F85E36EA771F16162274EFD5163F28F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:p...... ....l....+.?.f..(....................................................... ............n...e..................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1944
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.343420056309075
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:MxHKQg8mHDp684YHKGSI6oPtHTHhAHKKkhHNpaHKlT44HKmHKe60:iqzCYqGSI6oPtzHeqKkhtpaqZ44qmq10
                                                                                                                                                                                                                                                                                            MD5:437E4DCFC04CB727093C5232EA15F856
                                                                                                                                                                                                                                                                                            SHA1:81B949390201F3B70AE2375518A0FFD329310837
                                                                                                                                                                                                                                                                                            SHA-256:5EADB9774A50B6AD20D588FDA58F5A42B2E257A0AA26832B41F8EA008C1EB96B
                                                                                                                                                                                                                                                                                            SHA-512:0332C7E5205CF9221172473A841284487ACC111780A58557231FCDE72A5EDB7E7E3EF6C87AB9682A688BC24992A74027F930267B541039BD8757EEF4E2F51A0E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1499
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.341844552740347
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mHE4KXWE4Ke60:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT4A
                                                                                                                                                                                                                                                                                            MD5:1F102800C2B4B52354570886D784EA54
                                                                                                                                                                                                                                                                                            SHA1:B84148B4A84AF5669134EB9EC27904A05E2517D2
                                                                                                                                                                                                                                                                                            SHA-256:8367F22954F447B469ED78A27028539219651BEB79AFF371045A3347E99B906A
                                                                                                                                                                                                                                                                                            SHA-512:AE4C42696AC5C7F532820D0B5D2412FEAEE4641884B189559C25989E013E09D799C10C98DDC6813D9F7C76A475C34DF8A48BAFC2F5D17708CF5440F931D1CE0A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1499
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.341844552740347
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mHE4KXWE4Ke60:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT4A
                                                                                                                                                                                                                                                                                            MD5:1F102800C2B4B52354570886D784EA54
                                                                                                                                                                                                                                                                                            SHA1:B84148B4A84AF5669134EB9EC27904A05E2517D2
                                                                                                                                                                                                                                                                                            SHA-256:8367F22954F447B469ED78A27028539219651BEB79AFF371045A3347E99B906A
                                                                                                                                                                                                                                                                                            SHA-512:AE4C42696AC5C7F532820D0B5D2412FEAEE4641884B189559C25989E013E09D799C10C98DDC6813D9F7C76A475C34DF8A48BAFC2F5D17708CF5440F931D1CE0A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1075
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.353521172341231
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNa8mE4Dp689:MxHKQwYHKGSI6oPtHTHhAHKKka8mHDpN
                                                                                                                                                                                                                                                                                            MD5:BDADAD127D5A6079C29C0C870A5C3C2C
                                                                                                                                                                                                                                                                                            SHA1:AD5D30886AE959F271CF777D386A31CD792C9A64
                                                                                                                                                                                                                                                                                            SHA-256:7186B9EAC66BD83E5E1C050D81529BC68511538118E65019EBECFD952C22FD55
                                                                                                                                                                                                                                                                                            SHA-512:198087F52C39A32ACE7A90E9212C2AA0F31EDF8349773C8C6C5495CA82C890F9A8A44356AC5AEBB42F3342E6BE981DC4BCFE1D7FB43760745D7240A117257725
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv7
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):1751
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.355897076808966
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:MxHKQg8mHDp684IHTQ06YHKGSI6oPtHTHhAHKKk+HKlT4UHKmTH3:iqzCIzQ06YqGSI6oPtzHeqKk+qZ4UqqX
                                                                                                                                                                                                                                                                                            MD5:A1F9AD77F31B77DD8E5F599F18F53DCC
                                                                                                                                                                                                                                                                                            SHA1:051133DC4D1601A32BE75F3D3707E25030A4E6D5
                                                                                                                                                                                                                                                                                            SHA-256:B5B8E1B3BBCA410182C1165A7320E8CA405358DD6773260A9E421FFBD5F1A181
                                                                                                                                                                                                                                                                                            SHA-512:C0C0CCE93FF038E7B73F6A7439DF5943F8EF35E68EAA85F5D47AEC25562B8E1A171320500A8AA17DB1649F1236D8713DDE4B0AD36043FF47157192F119ED6A77
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                                                                                                            MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                                                                                                            SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                                                                                                            SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                                                                                                            SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:@...e...........................................................
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):227642
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7851110081825743
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:zJ5GHQTEie5rCrAgtbLW5WMyx3v5WUHJRJjx6O7vt0TLr2AV8wNKbQD5k4d81h5I:zdTj+OnP5ujhhorcFstSwaga
                                                                                                                                                                                                                                                                                            MD5:6A4057E148A766D842BA0BF122ADE582
                                                                                                                                                                                                                                                                                            SHA1:1869F4C99955E17724D66693DB0AB290268C9102
                                                                                                                                                                                                                                                                                            SHA-256:96BDFD9AEDD3148BFB672B422941EC158B0777C20D6E7EB89CE80BD7DACEEED4
                                                                                                                                                                                                                                                                                            SHA-512:60167ABA6C12134E1E049FF3E510B311F9D1AF55ABE886B58A8D25EBDB4584A1B98770F13B2AB2F2E1DD1A8DBBE0C6971360078761855FEFAFA695FF321FCE14
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\AteraSetupLog.txt, Author: Joe Security
Preview:=== Verbose logging started: 14/01/2025  11:03:27  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\SYSTEM32\msiexec.exe ===..MSI (c) (08:E0) [11:03:27:592]: Resetting cached policy values..MSI (c) (08:E0) [11:03:27:592]: Machine policy value 'Debug' is 0..MSI (c) (08:E0) [11:03:27:592]: ******* RunEngine:..           ******* Product: C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi..           ******* Action: ..           ******* CommandLine: **********..MSI (c) (08:E0) [11:03:
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):483562
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.842439270941047
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:TKW0xlTgMw3etWM+Ei831DZ/RVj+uQYzBIR/DzK0bv+cMGulaVpdVE+Y7JxOHfc8:0jFTg
                                                                                                                                                                                                                                                                                            MD5:CBF877A4A8DFFC41A097334C15BFE9F1
                                                                                                                                                                                                                                                                                            SHA1:9E3A534AE28F175BD44CCE4D9C397666DD550BE4
                                                                                                                                                                                                                                                                                            SHA-256:B02FCD9CA28DF1E3AB23094001C0CF12FB45B1D6B6E43F4E91028BD5986E7FF7
                                                                                                                                                                                                                                                                                            SHA-512:5F10542D706B6FFDCB231CEDC3FBAFBF0CBC19B9364E5D165790B75BE3C27A847D6A9AD922F2B2C20603D651546E590F69E6D97313C1D6CDC0E4FE93B9CD4D8D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250114110501_000_dotnet_runtime_8.0.11_win_x64.msi.log, Author: Joe Security
Preview:=== Verbose logging started: 14/01/2025  11:05:02  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\Temp\{A7D607A6-1799-4FDE-B065-591FCC6430B4}\.be\dotnet-runtime-8.0.11-win-x64.exe ===..MSI (c) (50:CC) [11:05:02:271]: Resetting cached policy values..MSI (c) (50:CC) [11:05:02:271]: Machine policy value 'Debug' is 0..MSI (c) (50:CC) [11:05:02:271]: ******* RunEngine:..           ******* Product: C:\ProgramData\Package Cache\{9C80213E-9079-4561-8D57-1FDD0D62251F}v64.44.23191\do
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (401), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):99306
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7939620875305784
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:OOutCqI7sG3rE5O4+8vTjB5mMH15Qx0wwwwwwwwwwkLqRWQ5Y3:2jNy
                                                                                                                                                                                                                                                                                            MD5:6B7066D168EF76B9DD56E80ACD6B8C8C
                                                                                                                                                                                                                                                                                            SHA1:F689F7661BA4E04C152C11A3B3A3A05BF2A9EA87
                                                                                                                                                                                                                                                                                            SHA-256:70C155ABF146CC9AB8E4810B5A455AABB4096537341A43CDED41750346F03C60
                                                                                                                                                                                                                                                                                            SHA-512:1C857A1EE23E59DAFBA420FD40E95E4D886387F75CDCE27C16EB22D95593AD2DDB481C2521CC9D605819D6694F77F560BF4EEF5A10B7C321EA2E18846422129B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250114110501_001_dotnet_hostfxr_8.0.11_win_x64.msi.log, Author: Joe Security
Preview:=== Verbose logging started: 14/01/2025  11:05:17  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\Temp\{A7D607A6-1799-4FDE-B065-591FCC6430B4}\.be\dotnet-runtime-8.0.11-win-x64.exe ===..MSI (c) (50:D8) [11:05:17:787]: Resetting cached policy values..MSI (c) (50:D8) [11:05:17:787]: Machine policy value 'Debug' is 0..MSI (c) (50:D8) [11:05:17:787]: ******* RunEngine:..           ******* Product: C:\ProgramData\Package Cache\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}v64.44.23191\do
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (386), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):109596
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7854226540827294
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:aQAB+4qd/vT28Nz+N8jxYU86tE4PrWXfyWpjBke:5jcn
                                                                                                                                                                                                                                                                                            MD5:C1313871440FCAD70AA7F0D39E4BF92C
                                                                                                                                                                                                                                                                                            SHA1:4343A7A9DC305349A1DB1DE4904ECAB650291736
                                                                                                                                                                                                                                                                                            SHA-256:3C86C34250F005CD5ABC015D5D186B5ADD0EB043AD23709DF03AC5FC6DD86087
                                                                                                                                                                                                                                                                                            SHA-512:4B23BFB18A9801E5F85B09DFDB8061038C676707E7DBD83A75841099923A76FABB918A57C307FAF36DA36721631F9C1C8922E6EEEBFFCAD7B582BA0BE850F91D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250114110501_002_dotnet_host_8.0.11_win_x64.msi.log, Author: Joe Security
Preview:=== Verbose logging started: 14/01/2025  11:05:19  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\Temp\{A7D607A6-1799-4FDE-B065-591FCC6430B4}\.be\dotnet-runtime-8.0.11-win-x64.exe ===
MSI (c) (50:80) [11:05:19:833]: Resetting cached policy values
MSI (c) (50:80) [11:05:19:833]: Machine policy value 'Debug' is 0
MSI (c) (50:80) [11:05:19:833]: ******* RunEngine:
           ******* Product: C:\ProgramData\Package Cache\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}v64.44.23191\do
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (523), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1296748
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8558560465141594
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:1RcePsjV3tl/Punj5YsRVwjmjJYhSSHHwqDFUvxKuBWDmYXKmlGFOqBAs5qbVzbc:LjRVwOjtn
                                                                                                                                                                                                                                                                                            MD5:63D194510688CD21962B70052D758660
                                                                                                                                                                                                                                                                                            SHA1:2C3B923F8049E5356DB4C94E1D735BE1070E98AC
                                                                                                                                                                                                                                                                                            SHA-256:D451AEA8CE103028256CCC311596F32F96369F85E56406A32F37475FDE73F0A2
                                                                                                                                                                                                                                                                                            SHA-512:903DBA7BB631F2F75A6CBA266A6C33770951CC120A3FFB1A5BD9C2CCB63ED02FAAE0B0292C27CF79D6CFFC56CC8AB7C703598994F197305B8F03FECAECC0AA2B
                                                                                                                                                                                                                                                                                            Malicious:false
Preview:=== Verbose logging started: 14/01/2025  11:04:24  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\SysWOW64\msiexec.exe ===
MSI (c) (B4:70) [11:04:24:536]: Resetting cached policy values
MSI (c) (B4:70) [11:04:24:536]: Machine policy value 'Debug' is 0
MSI (c) (B4:70) [11:04:24:536]: ******* RunEngine:
           ******* Product: setup.msi
           ******* Action: 
           ******* CommandLine: **********
MSI (c) (B4:70) [11:04:24:536]: Client-side and UI is none
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):56907920
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.937481143445435
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1572864:xnOdpvYs+cvrrjOAYfDJnEAOns5w5k8BzFl73BuvH:xQNLOAYfzOBO8B3dmH
                                                                                                                                                                                                                                                                                            MD5:9CD6BA3AD27DAC967F073CBCAD88FEF9
                                                                                                                                                                                                                                                                                            SHA1:FFE503C57539FD91A2F09EFE8FA44958AD96B4A2
                                                                                                                                                                                                                                                                                            SHA-256:248E1FC6DF40583AF705BB617F402092F1943F27416F5557AC9CEFE284761019
                                                                                                                                                                                                                                                                                            SHA-512:A9DA38896354174DED6A1D2AE548A5A797F6BF2A6CA6C8519FC2ED704C39E2D36E916FCB70FE3BB98201C5EB91667CD7D752BD07B4FFC1575526FF87FDBCFFCA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........{F~.(F~.(F~.(O.8(U~.(F~.(.|.(O.>(\~.(O.((.~.(O./(.~.(O.!(A~.(O.?(G~.(O.:(G~.(RichF~.(................PE..L.....Gg............................./............@.................................Rwd.............................................. ..(............0d..(..........`................................i..@...................D........................text............................... ..`.rdata..............................@..@.data....^......."..................@....rsrc...(.... ......................@..@........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: x64;1033, Revision Number: {911E9E2F-B38D-4D02-A148-5E49FC9D8943}, Create Time/Date: Wed Feb 28 10:52:04 2024, Last Saved Time/Date: Wed Feb 28 10:52:04 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2994176
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.878630966889847
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:s+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oq1xMbY+K/tzQz:s+lUlz9FKbsodq0YaH7Z1xMb8tT
                                                                                                                                                                                                                                                                                            MD5:5E90226ABB5A004B0B9DB9A9E67BAC21
                                                                                                                                                                                                                                                                                            SHA1:34EB703055BAFA469A714F18C7F00E5098B764AF
                                                                                                                                                                                                                                                                                            SHA-256:BE0C53481ED4CF3EC4D0AD16053CD18D6AAD8C349B8281F5F9B90B526420CEAE
                                                                                                                                                                                                                                                                                            SHA-512:2676357D10AA76F09F2A1F691C7566D54E34B20716EDF1301B2D69C3E3400D0A70E7C1738AEA9A75334B384AB988CEA3A07B983C900AE32395285BE61673C288
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2303289648185431
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:vYVUuKPveFXJ5T5NDrqISoedGPdGTiEaStedGPdGTn:cUGhTLDmIdD
                                                                                                                                                                                                                                                                                            MD5:0B02CFD2FB8833314E67D294B4CB9CDA
                                                                                                                                                                                                                                                                                            SHA1:BB96129DEE928A7D43758381E357333C10DCBBC9
                                                                                                                                                                                                                                                                                            SHA-256:61D027929B14CD726430EB6BB5EC221375168CE6AF9666E1DA461B28A50F8D13
                                                                                                                                                                                                                                                                                            SHA-512:32993E338F0CD370E5ACC5B634D6B4D96B901A1E11C825916882837E3C8B0F5792A515B59201B6A8AC145CED1E9D5BFE2AD436E56B5B0712A44FF3E2FF96E299
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF0E56B4C9B4D5AEE1.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.5659002898370418
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:N8PhFuRc06WXzcjT5/dv4rByKYqSjnd/EqdvUDjWbQKSsnd/E85f4:whF1BjTrgrEKjIWD6NP6
                                                                                                                                                                                                                                                                                            MD5:28C6A6E8CCF9EE0B0083DE8BFC592E2F
                                                                                                                                                                                                                                                                                            SHA1:2CCEE6927DCE115DF7731CC5C19E374BE778E540
                                                                                                                                                                                                                                                                                            SHA-256:89B73DF412D7A00B36F5A935C2D7D58D7CB127D93D612BE80B4A2736FDAD6ADC
                                                                                                                                                                                                                                                                                            SHA-512:1B5B28A7454A8CA82A9689F8C4C08B59CF925EDAE7CBCD277DD49213DC62C463CE195329DBF82156EDBDB7107C133C76E051CFB1DCED1DB463DE79E9737A34C5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF1171BC376218CEF5.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.597213235605433
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:78PhTuRc06WXzcjT5f4dtBvwSjndddwEqdvUDjWbQySsndddSE8d:ihT1BjTxQtJwfWD6Na
                                                                                                                                                                                                                                                                                            MD5:635A9135B27AB7443ED535FDDA245AEC
                                                                                                                                                                                                                                                                                            SHA1:1B6D567888F41BE5FC49516EE1A053FE18F3E37C
                                                                                                                                                                                                                                                                                            SHA-256:2AFE0EFA4198E3BD844DC19D7E104E09C1065B3908A11E06C0177EA72135511A
                                                                                                                                                                                                                                                                                            SHA-512:982AE4EDA6FBEF911AE1A2371C3730991C4E52016251727E2384D1CA2B6454C5B81B10CFE9FD342E36D77617FC8B021A1280A92B6334C5B62EDCAF6820AE28CF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF151969AB36BE6A10.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.077966497703753
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO1LtCmOuPrfkiVky6l51:2F0i8n0itFzDHFzTPrfWr
                                                                                                                                                                                                                                                                                            MD5:785EA75A2FB1DB6D9155B28A1291DAF3
                                                                                                                                                                                                                                                                                            SHA1:6B86F7E077D0A8823383FBB776313FEDB17BFDEA
                                                                                                                                                                                                                                                                                            SHA-256:BCD727E77C067BD5A31C13E8024F00ED60381D9AB725CAE2E6777A5708C9DDE0
                                                                                                                                                                                                                                                                                            SHA-512:1834BBF627951711C96708EE7AA4B6C069055E832C717561DC77592E68EFB93E65FE825A5D3D13859057C93BE96CC12701D725491C4CFC49A4EE4FD40942E72A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2208823414120733
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:628PhcuRc06WXJEFT5BDrqISoedGPdGTiEaStedGPdGTn:4hc1HFTPDmIdD
                                                                                                                                                                                                                                                                                            MD5:EAB2BEF657FE72DACFE865739D0E614D
                                                                                                                                                                                                                                                                                            SHA1:C9E9679B0755990CAD65B9FF00277CA2A8962901
                                                                                                                                                                                                                                                                                            SHA-256:6BB955EC1898A4AD4EB0184BC94CD53E63243A47AA540ACAD728AC651A347D9B
                                                                                                                                                                                                                                                                                            SHA-512:6C993C92D3B13874700EA225CC4CF701EE56598CAA4207FA9E37D03AA98A66847C348839684F4D2DEEAB368AA4859E86C26B7C10366138FE6782B6187AF5182F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF1C7C7BE48FF98E07.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2561154809055601
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:9tCgXukEBNveFXJdT5XuqISoedGPdGfRrV1XStedGPdGRubBn:XXn1TprIAoF
                                                                                                                                                                                                                                                                                            MD5:CEF9FC5C82FB0F124EE25F7A61775202
                                                                                                                                                                                                                                                                                            SHA1:C4592B95BEAC75C77CAE303E79FCD7A56474C4A1
                                                                                                                                                                                                                                                                                            SHA-256:14091C7DB4B9666A9F45C750D0CB702B594ED6B1EB9A1DFA4800A6C3EBFFBC8B
                                                                                                                                                                                                                                                                                            SHA-512:8F3D58D1796573FBE34CFFA133C9E6CB4C84C9E55FB0ECCB6D10B4F0FFBEE4B75020558C62F1C8CBBC34D425C0E1853B5C391AD768E38168D69FC172D285AAE0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF1D775BC676569C16.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0008587736674763
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:AAMMXukJveFXJ5T5pnDHqISoedvPdvbCnuhnq9CAnFpadStedvPdvxubS:HXahTnnDKIciuBuLjs4
                                                                                                                                                                                                                                                                                            MD5:BEDF252FECC9DC096D9A0A0FAD3D703E
                                                                                                                                                                                                                                                                                            SHA1:0A67CB90B9E0C69D166843A70EEB2D07A7A98083
                                                                                                                                                                                                                                                                                            SHA-256:076E517F1C2E1C0046866C0B8719FED1ED0EB6F4479F2C890DD929A0586E518D
                                                                                                                                                                                                                                                                                            SHA-512:483DB47FC1C47322E324ED413168374619AB832ED3FB1AF01E0306AF9C6A9782E743B0093640CB0235BC71DD626DF8F0A142D34808086C2B077A8C2F173DC62E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF268D8840D2324F5E.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):147456
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0951021402805754
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:XpfEl6Ar32TwxUWV/voMN44ZxUp4K1VsmwECs+X0FEl6Ar32TwxUWV/voMN44Zxn:5IrmUxLxhK1Lw2dWrmUxLxhK1Lw2
                                                                                                                                                                                                                                                                                            MD5:FA4B4AE6C320E04C8EC11A1DCEF2151A
                                                                                                                                                                                                                                                                                            SHA1:52B5E7490123BE4217D3B4C2792E2F3C05C2ED0B
                                                                                                                                                                                                                                                                                            SHA-256:1B951B18C2875AE71C162FCA6F0CC330EDF235ABF2A9F9E50FA1AC5C60B27E30
                                                                                                                                                                                                                                                                                            SHA-512:2ED499378DF4220BC49A55B6948E26F9F9A519BAB76A97A0260F0024170B773C55DBB0767A1C2F957D8B2EDFE0340FA94EA43DB58A9FFAEDC7E188FDE20B78EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2303289648185431
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:vYVUuKPveFXJ5T5NDrqISoedGPdGTiEaStedGPdGTn:cUGhTLDmIdD
                                                                                                                                                                                                                                                                                            MD5:0B02CFD2FB8833314E67D294B4CB9CDA
                                                                                                                                                                                                                                                                                            SHA1:BB96129DEE928A7D43758381E357333C10DCBBC9
                                                                                                                                                                                                                                                                                            SHA-256:61D027929B14CD726430EB6BB5EC221375168CE6AF9666E1DA461B28A50F8D13
                                                                                                                                                                                                                                                                                            SHA-512:32993E338F0CD370E5ACC5B634D6B4D96B901A1E11C825916882837E3C8B0F5792A515B59201B6A8AC145CED1E9D5BFE2AD436E56B5B0712A44FF3E2FF96E299
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF2D714BC3F8255795.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):69632
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.14518568354326586
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:CnxuvzmipVfedGSadGS7qIipVGedGSadGSAVgwGklrkgTlb1K+:CnxubmStedGPdGeqISoedGPdGfRrV1K
                                                                                                                                                                                                                                                                                            MD5:E4EEFBF96B6AFEA1A9B9AE2DBBA4BE27
                                                                                                                                                                                                                                                                                            SHA1:1379D875D5D8319E034E5E73853C5AC2E5F06398
                                                                                                                                                                                                                                                                                            SHA-256:95B8F8CFE8D7AC8B01F6749BD4F25913383B6007F9400E3CE667ECC096911E6D
                                                                                                                                                                                                                                                                                            SHA-512:ADCDE754DCF421C44FF115797CE773B05E5EA2D980BDE6ED84C30F39D381AAD70C1381EA433061848BFDC304C6AB62096BAEA76A3303CD1DE9B5EEA560E3B342
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF37A9305ECBF11C13.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):172032
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.4608982903002423
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:hFEl6Ar32TwxUWV/voMN44ZxUp4K1VsmwECs+rEl6Ar32TwxUWV/voMN44ZxUp4X:hWrmUxLxhK1Lw2HrmUxLxhK1Lw2
                                                                                                                                                                                                                                                                                            MD5:C80789ADCE42719702D39968476B56D2
                                                                                                                                                                                                                                                                                            SHA1:589EFB9E70177E8F4CB6DDA8A6EAABD3BEE8400A
                                                                                                                                                                                                                                                                                            SHA-256:577B55215B0808B5826B36C66667E919444FF04B1C2C8EB92A3E10D11EA745A8
                                                                                                                                                                                                                                                                                            SHA-512:A5D88B93D4275080D0203019933FA00D053E10A84CD3BEA35829F6424E6E72649657F0BCF34059B44AADB017D75EFE693FE53888B36463680DEFE34BE7022483
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):69632
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.13038804701878767
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:CnAipVfedGSadGS7qIipVGedGSadGSfEqasJGWNWTZk0+n+n:CnAStedGPdGeqISoedGPdGTiE1Y
                                                                                                                                                                                                                                                                                            MD5:A79FDA06CDA9D1E9DAB388EF12384937
                                                                                                                                                                                                                                                                                            SHA1:8049C1B1FFB052F4109AB652DFA0E923EA686D7A
                                                                                                                                                                                                                                                                                            SHA-256:9BD529C6A1DE48115132A3B39D998F35DC624E450F328EA8E879273A3384E1EB
                                                                                                                                                                                                                                                                                            SHA-512:AE08CF5D887E8741F4B61109388590646A39C3BC5F0B3C982BAC16D3FD2BC9E97D15BD39F5D522140AD96DB66049B95A5492896C61DA9F93F14030663E0BF0F9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF3EAEF7DCA7CBF50E.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2561154809055601
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:9tCgXukEBNveFXJdT5XuqISoedGPdGfRrV1XStedGPdGRubBn:XXn1TprIAoF
                                                                                                                                                                                                                                                                                            MD5:CEF9FC5C82FB0F124EE25F7A61775202
                                                                                                                                                                                                                                                                                            SHA1:C4592B95BEAC75C77CAE303E79FCD7A56474C4A1
                                                                                                                                                                                                                                                                                            SHA-256:14091C7DB4B9666A9F45C750D0CB702B594ED6B1EB9A1DFA4800A6C3EBFFBC8B
                                                                                                                                                                                                                                                                                            SHA-512:8F3D58D1796573FBE34CFFA133C9E6CB4C84C9E55FB0ECCB6D10B4F0FFBEE4B75020558C62F1C8CBBC34D425C0E1853B5C391AD768E38168D69FC172D285AAE0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF41669721F6B9F0E5.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.5693062246095706
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:nJ8PhPuRc06WXJ+nT5XuqISoedGPdGfRrV1XStedGPdGRubBn:EhP1VnTprIAoF
                                                                                                                                                                                                                                                                                            MD5:467B89D189E94E6C55F38EBFD9B61A2D
                                                                                                                                                                                                                                                                                            SHA1:D03D8DFC46F319ECFFC2C2320393DE851DEC3C23
                                                                                                                                                                                                                                                                                            SHA-256:1CA5A9B1F78C166EEA1F49FD04414AA4391FEFE2D617AB2AA253B09AED58BEF9
                                                                                                                                                                                                                                                                                            SHA-512:F6D2B0529E2C0485CCE9E1A1210472A9A681417E31C03F6CEF165F3A3B8837F1A893870F66FA1DEC2370FE8536EBB9F4991E298A6955A58DED1A8C1F272A7F52
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF48580194A8049016.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.06905676137922633
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOqUJqqGyVky6l3X:2F0i8n0itFzDHFq0E3X
                                                                                                                                                                                                                                                                                            MD5:BC75BE4F92F694EDC2B880D28417DAFC
                                                                                                                                                                                                                                                                                            SHA1:29E0D0E0B37FD6C1AEBB42DECE2341087F6C9E71
                                                                                                                                                                                                                                                                                            SHA-256:0DEF1AE8D6971D4B916DB6AF16228F36173196A2B38017779B15A5803ED674B5
                                                                                                                                                                                                                                                                                            SHA-512:BE2652D49ED189EAEB73AAF7D029AD2A4233A94CD6C21FA70086C3F50A4C43D43FD57C67CA09AE8E1134E46B6FA1E4F1D0302BAA1034441AB8AAF1E46F552303
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2766075799826924
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:GQLuDrh8FXzBT5bUdL4ByWFSjndd4d/EqdvUDjWbQiSsndd4dXE8Rb:fLJvTVUL4EWF9WD6Ngt
                                                                                                                                                                                                                                                                                            MD5:9205A7BFC2C0D550329DBDD1E255690D
                                                                                                                                                                                                                                                                                            SHA1:ED88DA8FF65E15D9E7440C34366AB63B3C1730E8
                                                                                                                                                                                                                                                                                            SHA-256:3C726D055EB990A49D4E3FDEF0FBDB9DFAC0403BC1EF73C20BF2E4CB65069699
                                                                                                                                                                                                                                                                                            SHA-512:25957E1882369882D098BCC8112EEA58B8B6D5814830BA77A3DB9E2DF6609101F9081417A64E3B9446B246FB46750D169C874EAC0B89302C2FE309D4220868ED
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF54D62876BC82BE22.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.300811500529341
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JBO38PhMuh3iFip1GE2yza2t4KAQBHoZagUMClXteb+oAWS+1a0XwZymiL:08PhMuRc06WXOCjT5uXAWSEXwZy9
                                                                                                                                                                                                                                                                                            MD5:37C0B1F42BA3B9BA06FDC6CA76E94C0B
                                                                                                                                                                                                                                                                                            SHA1:692F5F4585C82425FDD256C6C64A75A95082EF65
                                                                                                                                                                                                                                                                                            SHA-256:ECBF2675EC1D8E7806A3CC7B449581113D1D44EE54E93304F01FDF382EDA680D
                                                                                                                                                                                                                                                                                            SHA-512:C148BE8ACAB8168AE18F57B2C0015DFDED65F04BB396F31F097B7747E1104B76D70D0B67936619B0332384500E107D64FB8C68D00A17038A48FDC9C55A8FB45D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2520949954299643
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:m69u1rh8FXz3T5Pdv4rByKYqSjnd/EqdvUDjWbQKSsnd/E85f4:19/JTzgrEKjIWD6NP6
                                                                                                                                                                                                                                                                                            MD5:90F33472F915315FFC5339F01422D74A
                                                                                                                                                                                                                                                                                            SHA1:17ABEA2F665E8B542AB2954EA74C23C4963A2497
                                                                                                                                                                                                                                                                                            SHA-256:32BECCD611425B5AD9181F369A1FA903F9D2745F8259A4A95BCCFDE17DDF0707
                                                                                                                                                                                                                                                                                            SHA-512:D5DF7BAB7A8EF573F1C7D10A0DDEFEF57A7B77DAF11A8063632BA3065892BFC18385AF26DBCC7701824FDFBA18E8CAA6AA4EA6E2E98E0A81A7A9200E5274EE97
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF5FBF141273CD1C8C.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2766075799826924
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:GQLuDrh8FXzBT5bUdL4ByWFSjndd4d/EqdvUDjWbQiSsndd4dXE8Rb:fLJvTVUL4EWF9WD6Ngt
                                                                                                                                                                                                                                                                                            MD5:9205A7BFC2C0D550329DBDD1E255690D
                                                                                                                                                                                                                                                                                            SHA1:ED88DA8FF65E15D9E7440C34366AB63B3C1730E8
                                                                                                                                                                                                                                                                                            SHA-256:3C726D055EB990A49D4E3FDEF0FBDB9DFAC0403BC1EF73C20BF2E4CB65069699
                                                                                                                                                                                                                                                                                            SHA-512:25957E1882369882D098BCC8112EEA58B8B6D5814830BA77A3DB9E2DF6609101F9081417A64E3B9446B246FB46750D169C874EAC0B89302C2FE309D4220868ED
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF60DBA4117BE87DFA.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.5693062246095706
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:nJ8PhPuRc06WXJ+nT5XuqISoedGPdGfRrV1XStedGPdGRubBn:EhP1VnTprIAoF
                                                                                                                                                                                                                                                                                            MD5:467B89D189E94E6C55F38EBFD9B61A2D
                                                                                                                                                                                                                                                                                            SHA1:D03D8DFC46F319ECFFC2C2320393DE851DEC3C23
                                                                                                                                                                                                                                                                                            SHA-256:1CA5A9B1F78C166EEA1F49FD04414AA4391FEFE2D617AB2AA253B09AED58BEF9
                                                                                                                                                                                                                                                                                            SHA-512:F6D2B0529E2C0485CCE9E1A1210472A9A681417E31C03F6CEF165F3A3B8837F1A893870F66FA1DEC2370FE8536EBB9F4991E298A6955A58DED1A8C1F272A7F52
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF61D0F85115295E76.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2561154809055601
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:9tCgXukEBNveFXJdT5XuqISoedGPdGfRrV1XStedGPdGRubBn:XXn1TprIAoF
                                                                                                                                                                                                                                                                                            MD5:CEF9FC5C82FB0F124EE25F7A61775202
                                                                                                                                                                                                                                                                                            SHA1:C4592B95BEAC75C77CAE303E79FCD7A56474C4A1
                                                                                                                                                                                                                                                                                            SHA-256:14091C7DB4B9666A9F45C750D0CB702B594ED6B1EB9A1DFA4800A6C3EBFFBC8B
                                                                                                                                                                                                                                                                                            SHA-512:8F3D58D1796573FBE34CFFA133C9E6CB4C84C9E55FB0ECCB6D10B4F0FFBEE4B75020558C62F1C8CBBC34D425C0E1853B5C391AD768E38168D69FC172D285AAE0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF656624A2C6F77EB9.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):69632
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.1632078884044375
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:TEubmStedvPdv+qISoedvPdvbCnuhnq9CAnFpaqr:hybIciuBuLjRr
                                                                                                                                                                                                                                                                                            MD5:BE0798CB05CE1C7E38D1D767AB4D98D7
                                                                                                                                                                                                                                                                                            SHA1:C63543B4E618C0E0F3AE73F237E443C99F051736
                                                                                                                                                                                                                                                                                            SHA-256:A66C94C70846759F817C0ACE5EAD979A850647479D8FA2B4E533B4ED459673FA
                                                                                                                                                                                                                                                                                            SHA-512:632569F9E8717DA1ADDE206151C80017141696956DA79EB3EE499DD2C387FDFED114F4B33D832A58B73BD122AFCB6481AB97323C8F088EE2FDC92C64F7B7390B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF6B007E2D2C2AF200.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):147456
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0951021402805754
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:XpfEl6Ar32TwxUWV/voMN44ZxUp4K1VsmwECs+X0FEl6Ar32TwxUWV/voMN44Zxn:5IrmUxLxhK1Lw2dWrmUxLxhK1Lw2
                                                                                                                                                                                                                                                                                            MD5:FA4B4AE6C320E04C8EC11A1DCEF2151A
                                                                                                                                                                                                                                                                                            SHA1:52B5E7490123BE4217D3B4C2792E2F3C05C2ED0B
                                                                                                                                                                                                                                                                                            SHA-256:1B951B18C2875AE71C162FCA6F0CC330EDF235ABF2A9F9E50FA1AC5C60B27E30
                                                                                                                                                                                                                                                                                            SHA-512:2ED499378DF4220BC49A55B6948E26F9F9A519BAB76A97A0260F0024170B773C55DBB0767A1C2F957D8B2EDFE0340FA94EA43DB58A9FFAEDC7E188FDE20B78EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.07992663949499662
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO2rNy+659IvYjSVky6l/X:2F0i8n0itFzDHFz6vYF/X
                                                                                                                                                                                                                                                                                            MD5:76F80871844D53B66E47517D78AD0A94
                                                                                                                                                                                                                                                                                            SHA1:0FD44E38BE90A7A92DAD36AD21BAB27775CDA4D3
                                                                                                                                                                                                                                                                                            SHA-256:26250C5843A798C2632D4E4FF0B25CEEBBB4E64E702172BC60C128DEA3D19BA2
                                                                                                                                                                                                                                                                                            SHA-512:457E8E1247A6E96F2CE7BFD1A9B5F53228AC182CE679F0DD2CC1FC39AB86109D0E8F25475DF25AE815F10D9C8CBD73930182AFC20DC38D889ACFF155232E3E4D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):69632
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.14351093216122812
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:04l5rEuSsndYSjnd/EqdvUDjWbQlYidv4rBy:BljWIWD6kvgrE
                                                                                                                                                                                                                                                                                            MD5:9A91A7F1FDB56339B1B74AD00DA76A64
                                                                                                                                                                                                                                                                                            SHA1:77DD97C2534A3C6C4D16B232B50FE8306021599A
                                                                                                                                                                                                                                                                                            SHA-256:509F7234A878C5FDEA19DFD2DB8A8DF3B887686E21BB4393BA793A31BBE33BBA
                                                                                                                                                                                                                                                                                            SHA-512:8A15C0B151528F1BF4C05D10D031ACCDE8CC85E03E032ADC45CD45093F440A8300C8813B859115B741BACD03DD183FFAEA45AD00F629739A2BCEE7AD0F564CEC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF7D49F49320B250FC.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.6002829950355284
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:M8PhTuRc06WXzmjT56dL4ByWFSjndd4d/EqdvUDjWbQiSsndd4dXE8Rb:jhT1bjTkL4EWF9WD6Ngt
                                                                                                                                                                                                                                                                                            MD5:36A9ED42FBC35AD98748C27DA78B5A57
                                                                                                                                                                                                                                                                                            SHA1:6F1431074F8A1FB922782C23B503299A75CF9E47
                                                                                                                                                                                                                                                                                            SHA-256:4C50C6E9070B44EEAE0F35E6A4AD6BF7BF8B27D63D260B214C143D6293F1C73F
                                                                                                                                                                                                                                                                                            SHA-512:EC9AAEC68BC1EF31CD36E9478C61CAC7CD543C356EA2A60FC0146C3A2392BA0CDAB6E8B5C5E42ED05B6142F7AF0C58432076431D31685DD35D4A1F5113179781
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF8045D7C2CB158800.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2303289648185431
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:vYVUuKPveFXJ5T5NDrqISoedGPdGTiEaStedGPdGTn:cUGhTLDmIdD
                                                                                                                                                                                                                                                                                            MD5:0B02CFD2FB8833314E67D294B4CB9CDA
                                                                                                                                                                                                                                                                                            SHA1:BB96129DEE928A7D43758381E357333C10DCBBC9
                                                                                                                                                                                                                                                                                            SHA-256:61D027929B14CD726430EB6BB5EC221375168CE6AF9666E1DA461B28A50F8D13
                                                                                                                                                                                                                                                                                            SHA-512:32993E338F0CD370E5ACC5B634D6B4D96B901A1E11C825916882837E3C8B0F5792A515B59201B6A8AC145CED1E9D5BFE2AD436E56B5B0712A44FF3E2FF96E299
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF81F02A1A19365A5F.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.300811500529341
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JBO38PhMuh3iFip1GE2yza2t4KAQBHoZagUMClXteb+oAWS+1a0XwZymiL:08PhMuRc06WXOCjT5uXAWSEXwZy9
                                                                                                                                                                                                                                                                                            MD5:37C0B1F42BA3B9BA06FDC6CA76E94C0B
                                                                                                                                                                                                                                                                                            SHA1:692F5F4585C82425FDD256C6C64A75A95082EF65
                                                                                                                                                                                                                                                                                            SHA-256:ECBF2675EC1D8E7806A3CC7B449581113D1D44EE54E93304F01FDF382EDA680D
                                                                                                                                                                                                                                                                                            SHA-512:C148BE8ACAB8168AE18F57B2C0015DFDED65F04BB396F31F097B7747E1104B76D70D0B67936619B0332384500E107D64FB8C68D00A17038A48FDC9C55A8FB45D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):147456
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0951021402805754
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:XpfEl6Ar32TwxUWV/voMN44ZxUp4K1VsmwECs+X0FEl6Ar32TwxUWV/voMN44Zxn:5IrmUxLxhK1Lw2dWrmUxLxhK1Lw2
                                                                                                                                                                                                                                                                                            MD5:FA4B4AE6C320E04C8EC11A1DCEF2151A
                                                                                                                                                                                                                                                                                            SHA1:52B5E7490123BE4217D3B4C2792E2F3C05C2ED0B
                                                                                                                                                                                                                                                                                            SHA-256:1B951B18C2875AE71C162FCA6F0CC330EDF235ABF2A9F9E50FA1AC5C60B27E30
                                                                                                                                                                                                                                                                                            SHA-512:2ED499378DF4220BC49A55B6948E26F9F9A519BAB76A97A0260F0024170B773C55DBB0767A1C2F957D8B2EDFE0340FA94EA43DB58A9FFAEDC7E188FDE20B78EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0008587736674763
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:AAMMXukJveFXJ5T5pnDHqISoedvPdvbCnuhnq9CAnFpadStedvPdvxubS:HXahTnnDKIciuBuLjs4
                                                                                                                                                                                                                                                                                            MD5:BEDF252FECC9DC096D9A0A0FAD3D703E
                                                                                                                                                                                                                                                                                            SHA1:0A67CB90B9E0C69D166843A70EEB2D07A7A98083
                                                                                                                                                                                                                                                                                            SHA-256:076E517F1C2E1C0046866C0B8719FED1ED0EB6F4479F2C890DD929A0586E518D
                                                                                                                                                                                                                                                                                            SHA-512:483DB47FC1C47322E324ED413168374619AB832ED3FB1AF01E0306AF9C6A9782E743B0093640CB0235BC71DD626DF8F0A142D34808086C2B077A8C2F173DC62E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF8E9623454E7B11AA.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.6002829950355284
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:M8PhTuRc06WXzmjT56dL4ByWFSjndd4d/EqdvUDjWbQiSsndd4dXE8Rb:jhT1bjTkL4EWF9WD6Ngt
                                                                                                                                                                                                                                                                                            MD5:36A9ED42FBC35AD98748C27DA78B5A57
                                                                                                                                                                                                                                                                                            SHA1:6F1431074F8A1FB922782C23B503299A75CF9E47
                                                                                                                                                                                                                                                                                            SHA-256:4C50C6E9070B44EEAE0F35E6A4AD6BF7BF8B27D63D260B214C143D6293F1C73F
                                                                                                                                                                                                                                                                                            SHA-512:EC9AAEC68BC1EF31CD36E9478C61CAC7CD543C356EA2A60FC0146C3A2392BA0CDAB6E8B5C5E42ED05B6142F7AF0C58432076431D31685DD35D4A1F5113179781
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF9A00021C80A2B0D6.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):69632
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.15682082507921613
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:W0RrEuSsndd4dASjndd4d/EqdvUDjWbQvZdL4By:W0L/9WD62jL4E
                                                                                                                                                                                                                                                                                            MD5:ED2A830F49CD0D1B4FCA041BE6E87FEF
                                                                                                                                                                                                                                                                                            SHA1:7589E1C22E4EF2F842C5EFAA55013A978AD13C03
                                                                                                                                                                                                                                                                                            SHA-256:7EDFAF3AEB77D119961580EA9033755BBE5FC59D09337615FCB0EB8AAA692F16
                                                                                                                                                                                                                                                                                            SHA-512:29ED589477596703C32ABFFE10DB0B1693F25718352795C70981C0583DB5EAF7D3CB604DED76945F40021DF95F58051B39EF76BF1941944E75ABDF66940FE5AB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFA052C223C555C93C.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):147456
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0951021402805754
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:XpfEl6Ar32TwxUWV/voMN44ZxUp4K1VsmwECs+X0FEl6Ar32TwxUWV/voMN44Zxn:5IrmUxLxhK1Lw2dWrmUxLxhK1Lw2
                                                                                                                                                                                                                                                                                            MD5:FA4B4AE6C320E04C8EC11A1DCEF2151A
                                                                                                                                                                                                                                                                                            SHA1:52B5E7490123BE4217D3B4C2792E2F3C05C2ED0B
                                                                                                                                                                                                                                                                                            SHA-256:1B951B18C2875AE71C162FCA6F0CC330EDF235ABF2A9F9E50FA1AC5C60B27E30
                                                                                                                                                                                                                                                                                            SHA-512:2ED499378DF4220BC49A55B6948E26F9F9A519BAB76A97A0260F0024170B773C55DBB0767A1C2F957D8B2EDFE0340FA94EA43DB58A9FFAEDC7E188FDE20B78EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):69632
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.15587795282549322
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:YdbEuSsndddPSjndddwEqdvUDjWbQCzdtBp:Y39fWD6rhtP
                                                                                                                                                                                                                                                                                            MD5:EA02366F78A5C1261356523688B34609
                                                                                                                                                                                                                                                                                            SHA1:ACC0AD55CEAB80DB10843AB3C451647056B51564
                                                                                                                                                                                                                                                                                            SHA-256:F7E37A9677B8A850B1B3551278866EC6BB9A443264A4B99FBA3B24B449AEA6DD
                                                                                                                                                                                                                                                                                            SHA-512:FA97AD8688F882F8C6602EE8001D463B7F329959336ADF6C4B58E58C17D8A1429381D923D3035C82332D683AB9E07530D6BE92B6EB82A1AB6A5992DFC2429D21
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFAEAC1BCA82979C15.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2520949954299643
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:m69u1rh8FXz3T5Pdv4rByKYqSjnd/EqdvUDjWbQKSsnd/E85f4:19/JTzgrEKjIWD6NP6
                                                                                                                                                                                                                                                                                            MD5:90F33472F915315FFC5339F01422D74A
                                                                                                                                                                                                                                                                                            SHA1:17ABEA2F665E8B542AB2954EA74C23C4963A2497
                                                                                                                                                                                                                                                                                            SHA-256:32BECCD611425B5AD9181F369A1FA903F9D2745F8259A4A95BCCFDE17DDF0707
                                                                                                                                                                                                                                                                                            SHA-512:D5DF7BAB7A8EF573F1C7D10A0DDEFEF57A7B77DAF11A8063632BA3065892BFC18385AF26DBCC7701824FDFBA18E8CAA6AA4EA6E2E98E0A81A7A9200E5274EE97
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFB2089D35B96B574B.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.07937653477243305
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO8nNr6w+7kjSVky6l/X:2F0i8n0itFzDHF8nNU7kF/X
                                                                                                                                                                                                                                                                                            MD5:6439878FA337DD7B769919FF5C35359F
                                                                                                                                                                                                                                                                                            SHA1:8620735C219A9D25C02E9E6E9A9391A23603C1E8
                                                                                                                                                                                                                                                                                            SHA-256:763703258878870A0265B0870A7B877F8496E2A800139B82572AFD15D8449FFA
                                                                                                                                                                                                                                                                                            SHA-512:4A51F4D7DC1E4932A9A6A5E3BF6B611BC515DAC3FFAFBA3C8E40E0C9F1D9A108A028BA02DDC32EE60F0B424482904E7594BA049EE58FD4CB59A85EB268DB6FAD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.07797218943672189
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOClsplzzhU+PQjgVky6lW:2F0i8n0itFzDHFCel9YXW
                                                                                                                                                                                                                                                                                            MD5:4EC4E492EBEB753C4F915B31950AC8D0
                                                                                                                                                                                                                                                                                            SHA1:BAB5F87173442D8517A72AC17FF1B1FEA71FD97E
                                                                                                                                                                                                                                                                                            SHA-256:0131417FA5FCD6603F9E5C496DCDE4DA9F61E0231178304D3D6F24C1BF820498
                                                                                                                                                                                                                                                                                            SHA-512:BF6FAAA6126B3844CD53371FF6729E23BF760ECC498BF1A86D5DA873B35BF7F41AE58C91F030A90D03789B50A59A5A92424B71795D4EE576B11C6A7A342C1046
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.597213235605433
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:78PhTuRc06WXzcjT5f4dtBvwSjndddwEqdvUDjWbQySsndddSE8d:ihT1BjTxQtJwfWD6Na
                                                                                                                                                                                                                                                                                            MD5:635A9135B27AB7443ED535FDDA245AEC
                                                                                                                                                                                                                                                                                            SHA1:1B6D567888F41BE5FC49516EE1A053FE18F3E37C
                                                                                                                                                                                                                                                                                            SHA-256:2AFE0EFA4198E3BD844DC19D7E104E09C1065B3908A11E06C0177EA72135511A
                                                                                                                                                                                                                                                                                            SHA-512:982AE4EDA6FBEF911AE1A2371C3730991C4E52016251727E2384D1CA2B6454C5B81B10CFE9FD342E36D77617FC8B021A1280A92B6334C5B62EDCAF6820AE28CF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFC89F354E6903A119.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.275413345712435
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:QOLuLrh8FXz3T5bB4dtBvwSjndddwEqdvUDjWbQySsndddSE8d:XLhJTVBQtJwfWD6Na
                                                                                                                                                                                                                                                                                            MD5:7C4E2A2500A43881907EA1BC2E1103C3
                                                                                                                                                                                                                                                                                            SHA1:63F5EA29471B53225A371B40148691643EE3CEA2
                                                                                                                                                                                                                                                                                            SHA-256:250F444D72DF76F86DAEA0E7CC07BF05D0CDB2E8F84A4CBE45F228304D37528C
                                                                                                                                                                                                                                                                                            SHA-512:BDFE2314C84BD0724C2D87FC4E26206B5C234AFEB32E4B07ACA86F2A418B0EB9B2A24DAFE504A29D8229413027EEDB7E414BC55561A7A4BF5CF4CA3BC049FAAD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFCC966EA9A67E3CE2.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.275413345712435
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:QOLuLrh8FXz3T5bB4dtBvwSjndddwEqdvUDjWbQySsndddSE8d:XLhJTVBQtJwfWD6Na
                                                                                                                                                                                                                                                                                            MD5:7C4E2A2500A43881907EA1BC2E1103C3
                                                                                                                                                                                                                                                                                            SHA1:63F5EA29471B53225A371B40148691643EE3CEA2
                                                                                                                                                                                                                                                                                            SHA-256:250F444D72DF76F86DAEA0E7CC07BF05D0CDB2E8F84A4CBE45F228304D37528C
                                                                                                                                                                                                                                                                                            SHA-512:BDFE2314C84BD0724C2D87FC4E26206B5C234AFEB32E4B07ACA86F2A418B0EB9B2A24DAFE504A29D8229413027EEDB7E414BC55561A7A4BF5CF4CA3BC049FAAD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFCE03ACF06BD55AF2.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0008587736674763
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:AAMMXukJveFXJ5T5pnDHqISoedvPdvbCnuhnq9CAnFpadStedvPdvxubS:HXahTnnDKIciuBuLjs4
                                                                                                                                                                                                                                                                                            MD5:BEDF252FECC9DC096D9A0A0FAD3D703E
                                                                                                                                                                                                                                                                                            SHA1:0A67CB90B9E0C69D166843A70EEB2D07A7A98083
                                                                                                                                                                                                                                                                                            SHA-256:076E517F1C2E1C0046866C0B8719FED1ED0EB6F4479F2C890DD929A0586E518D
                                                                                                                                                                                                                                                                                            SHA-512:483DB47FC1C47322E324ED413168374619AB832ED3FB1AF01E0306AF9C6A9782E743B0093640CB0235BC71DD626DF8F0A142D34808086C2B077A8C2F173DC62E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFCE6955BA849F6CC3.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.275413345712435
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:QOLuLrh8FXz3T5bB4dtBvwSjndddwEqdvUDjWbQySsndddSE8d:XLhJTVBQtJwfWD6Na
                                                                                                                                                                                                                                                                                            MD5:7C4E2A2500A43881907EA1BC2E1103C3
                                                                                                                                                                                                                                                                                            SHA1:63F5EA29471B53225A371B40148691643EE3CEA2
                                                                                                                                                                                                                                                                                            SHA-256:250F444D72DF76F86DAEA0E7CC07BF05D0CDB2E8F84A4CBE45F228304D37528C
                                                                                                                                                                                                                                                                                            SHA-512:BDFE2314C84BD0724C2D87FC4E26206B5C234AFEB32E4B07ACA86F2A418B0EB9B2A24DAFE504A29D8229413027EEDB7E414BC55561A7A4BF5CF4CA3BC049FAAD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFD7E653FE9BB68235.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.6203423877797576
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qg8PhPuRc06WXJEFT5RDHqISoedvPdvbCnuhnq9CAnFpadStedvPdvxubS:ihP1HFTfDKIciuBuLjs4
                                                                                                                                                                                                                                                                                            MD5:610744AF86FF1CAE1FDC7BBBFE2FB2B0
                                                                                                                                                                                                                                                                                            SHA1:6E8CE2D95DCB085055DAF79048583A4745CAFB3D
                                                                                                                                                                                                                                                                                            SHA-256:1DD825737D26916D0362939993DF84CC25ECDE7473898F3643BF5605B073BAF2
                                                                                                                                                                                                                                                                                            SHA-512:967B3E57E38890CCBA8A670DB9CA857EA970FE3D6C59C6BA01D22F8DB9F5BD039D19EA14ECA90325FD06120E6CFDF3796454DD4AD53D9DE1B0C924C4BE6B0613
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFD9E202C2DFBEEDA8.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2766075799826924
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:GQLuDrh8FXzBT5bUdL4ByWFSjndd4d/EqdvUDjWbQiSsndd4dXE8Rb:fLJvTVUL4EWF9WD6Ngt
                                                                                                                                                                                                                                                                                            MD5:9205A7BFC2C0D550329DBDD1E255690D
                                                                                                                                                                                                                                                                                            SHA1:ED88DA8FF65E15D9E7440C34366AB63B3C1730E8
                                                                                                                                                                                                                                                                                            SHA-256:3C726D055EB990A49D4E3FDEF0FBDB9DFAC0403BC1EF73C20BF2E4CB65069699
                                                                                                                                                                                                                                                                                            SHA-512:25957E1882369882D098BCC8112EEA58B8B6D5814830BA77A3DB9E2DF6609101F9081417A64E3B9446B246FB46750D169C874EAC0B89302C2FE309D4220868ED
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFDA97075FB4A7F65A.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2520949954299643
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:m69u1rh8FXz3T5Pdv4rByKYqSjnd/EqdvUDjWbQKSsnd/E85f4:19/JTzgrEKjIWD6NP6
                                                                                                                                                                                                                                                                                            MD5:90F33472F915315FFC5339F01422D74A
                                                                                                                                                                                                                                                                                            SHA1:17ABEA2F665E8B542AB2954EA74C23C4963A2497
                                                                                                                                                                                                                                                                                            SHA-256:32BECCD611425B5AD9181F369A1FA903F9D2745F8259A4A95BCCFDE17DDF0707
                                                                                                                                                                                                                                                                                            SHA-512:D5DF7BAB7A8EF573F1C7D10A0DDEFEF57A7B77DAF11A8063632BA3065892BFC18385AF26DBCC7701824FDFBA18E8CAA6AA4EA6E2E98E0A81A7A9200E5274EE97
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFDF6262B04F1CB529.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.5659002898370418
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:N8PhFuRc06WXzcjT5/dv4rByKYqSjnd/EqdvUDjWbQKSsnd/E85f4:whF1BjTrgrEKjIWD6NP6
                                                                                                                                                                                                                                                                                            MD5:28C6A6E8CCF9EE0B0083DE8BFC592E2F
                                                                                                                                                                                                                                                                                            SHA1:2CCEE6927DCE115DF7731CC5C19E374BE778E540
                                                                                                                                                                                                                                                                                            SHA-256:89B73DF412D7A00B36F5A935C2D7D58D7CB127D93D612BE80B4A2736FDAD6ADC
                                                                                                                                                                                                                                                                                            SHA-512:1B5B28A7454A8CA82A9689F8C4C08B59CF925EDAE7CBCD277DD49213DC62C463CE195329DBF82156EDBDB7107C133C76E051CFB1DCED1DB463DE79E9737A34C5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFDFCAE420CB6529E7.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.6203423877797576
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qg8PhPuRc06WXJEFT5RDHqISoedvPdvbCnuhnq9CAnFpadStedvPdvxubS:ihP1HFTfDKIciuBuLjs4
                                                                                                                                                                                                                                                                                            MD5:610744AF86FF1CAE1FDC7BBBFE2FB2B0
                                                                                                                                                                                                                                                                                            SHA1:6E8CE2D95DCB085055DAF79048583A4745CAFB3D
                                                                                                                                                                                                                                                                                            SHA-256:1DD825737D26916D0362939993DF84CC25ECDE7473898F3643BF5605B073BAF2
                                                                                                                                                                                                                                                                                            SHA-512:967B3E57E38890CCBA8A670DB9CA857EA970FE3D6C59C6BA01D22F8DB9F5BD039D19EA14ECA90325FD06120E6CFDF3796454DD4AD53D9DE1B0C924C4BE6B0613
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFED2D5D06D7D2AAFA.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2208823414120733
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:628PhcuRc06WXJEFT5BDrqISoedGPdGTiEaStedGPdGTn:4hc1HFTPDmIdD
                                                                                                                                                                                                                                                                                            MD5:EAB2BEF657FE72DACFE865739D0E614D
                                                                                                                                                                                                                                                                                            SHA1:C9E9679B0755990CAD65B9FF00277CA2A8962901
                                                                                                                                                                                                                                                                                            SHA-256:6BB955EC1898A4AD4EB0184BC94CD53E63243A47AA540ACAD728AC651A347D9B
                                                                                                                                                                                                                                                                                            SHA-512:6C993C92D3B13874700EA225CC4CF701EE56598CAA4207FA9E37D03AA98A66847C348839684F4D2DEEAB368AA4859E86C26B7C10366138FE6782B6187AF5182F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Yara Hits:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFEEFD8CF3F6EA13B9.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.07603714577563463
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOLoJycudl2DIpYoVky6lM:2F0i8n0itFzDHFLGy/MDIpyM
                                                                                                                                                                                                                                                                                            MD5:B27DDEE778F1E4A018D76B93E6C60A8B
                                                                                                                                                                                                                                                                                            SHA1:F498E8F1317AA0434CEEA7939A7EE456B28C525A
                                                                                                                                                                                                                                                                                            SHA-256:FE690CABC9D3A78EB013C6F2F22E19ED0722A26B9912ACD0E99264596BAB82F5
                                                                                                                                                                                                                                                                                            SHA-512:3082DC9CC4A9182BB623F31BBF1831941639E8B53982F2C8D9401D091BEE6E655C07684DF931BCEF0865AF0907E1EC41673082E9AFEC9ACA9574B21526E239AA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Cy:Cy
                                                                                                                                                                                                                                                                                            MD5:17C47928D1BA7ECB789EE3E4E7BB61A4
                                                                                                                                                                                                                                                                                            SHA1:58836A68D7DA82082C676A5E1F5BC33F2A8CADF0
                                                                                                                                                                                                                                                                                            SHA-256:42A3ABE36D8E5C5CB6123D9DA9ADB152C87AD6E08CB6327BB5405A8E297635E4
                                                                                                                                                                                                                                                                                            SHA-512:EF35FF11C834B9F6696C0EB1FA3F32A3DAE4C304AB872E2A5357D539DDA15C3AC7BD618B5AE8628BCF42BC9B47AFE0C6796816318B2E10B8378EDAFD953EE336
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:52..
                                                                                                                                                                                                                                                                                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.878656466069426
                                                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                                                            • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                                                                                                                                                            • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                                                                                                                                                            • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                                                                                                                                                            File name:PropostaOrcamentoPdf.msi
                                                                                                                                                                                                                                                                                            File size:2'994'176 bytes
                                                                                                                                                                                                                                                                                            MD5:161dc4dab13372653178ee20e4425617
                                                                                                                                                                                                                                                                                            SHA1:84afb549c3f546e10fcda181190e1adceb519076
                                                                                                                                                                                                                                                                                            SHA256:678e3da3b697049b132b3bde032437d99675ce85f7cba594aaac0d93927ce971
                                                                                                                                                                                                                                                                                            SHA512:509e7ce95bc54246cd5abe1747f2f890e8143a5b504ba7fa5ed8c48e769297aaf135bdc3b5c1545f5f764c209d6822af79b3f762bc2d7dce96e641cc9f63c543
                                                                                                                                                                                                                                                                                            SSDEEP:49152:/+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:/+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                            TLSH:59D523127584483AE37B0A358D7AD6A05E7DFE605B70CA8E9308741E2D705C1AB76FB3
                                                                                                                                                                                                                                                                                            Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                                                                                                            Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.


                                                                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                                                                            Start time:11:01:43
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PropostaOrcamentoPdf.msi"
Imagebase:0x7ff7ab500000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:11:01:44
Start date:14/01/2025
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\msiexec.exe /V
Imagebase:0x7ff7ab500000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:3
Start time:11:01:44
Start date:14/01/2025
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding B34153CDE5D0C02494ABF2A25FF83C1C
Imagebase:0xf80000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:11:01:45
Start date:14/01/2025
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSI1620.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5707390 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Imagebase:0x7c0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000003.2233604866.000000000431D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:5
Start time:11:01:46
Start date:14/01/2025
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSI1BDE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5708812 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Imagebase:0x7c0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000003.2240536659.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000002.2282418773.00000000050D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000002.2282418773.0000000005174000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:6
Start time:11:01:51
Start date:14/01/2025
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSI2E00.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5713437 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Imagebase:0x7c0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000006.00000003.2290414997.000000000417D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:7
Start time:11:01:52
Start date:14/01/2025
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 76C5016BCD6723C10255D2DE20E244D9 E Global\MSI0000
Imagebase:0xf80000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:11:01:52
Start date:14/01/2025
Path:C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):true
Commandline:"NET" STOP AteraAgent
Imagebase:0x260000
File size:47'104 bytes
MD5 hash:31890A7DE89936F922D44D677F681A7F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                                                                                                            Start time:11:01:52
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                                                                                                            Start time:11:01:52
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\net1 STOP AteraAgent
                                                                                                                                                                                                                                                                                            Imagebase:0x240000
                                                                                                                                                                                                                                                                                            File size:139'776 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                                                                                                            Start time:11:01:52
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"TaskKill.exe" /f /im AteraAgent.exe
                                                                                                                                                                                                                                                                                            Imagebase:0x110000
                                                                                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                                                                                                            Start time:11:01:52
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                                                                                                            Start time:11:01:53
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="orcamentos96@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000PPQvXIAX" /AgentId="374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3"
                                                                                                                                                                                                                                                                                            Imagebase:0x1e373160000
                                                                                                                                                                                                                                                                                            File size:145'968 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
Antivirus matches:
• Detection: 26%, ReversingLabs
Has exited:true

Target ID:14
Start time:11:01:56
Start date:14/01/2025
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Imagebase:0x259593a0000
File size:145'968 bytes
MD5 hash:477293F80461713D51A98A24023D45E8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3405170266.000000A4255E9000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A7B5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A609000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595AAF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A756000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A891000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A06B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A9EF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A61A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3406712089.0000025959603000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3406712089.0000025959558000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A5B2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A6FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595AB41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A6CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A67C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A632000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.000002595A3FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.3417755880.0000025959DF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                                                                                                            Start time:11:01:57
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66d080000
                                                                                                                                                                                                                                                                                            File size:72'192 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                                                                                                            Start time:11:01:57
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                                                                                                                            Start time:11:01:58
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSI4A38.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5720687 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                                                                                                                                                                                                                                                                                            Imagebase:0x7c0000
                                                                                                                                                                                                                                                                                            File size:61'440 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000012.00000002.2406825631.0000000004327000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000012.00000002.2406825631.0000000004281000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000012.00000003.2360140161.000000000410F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                                                                                                                            Start time:11:02:56
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "31fd3e86-7595-463e-92f6-60c24bb7aa8c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPQvXIAX
                                                                                                                                                                                                                                                                                            Imagebase:0x1428dcf0000
                                                                                                                                                                                                                                                                                            File size:186'408 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:9D8D50D2789C2A8D847D7953518A96F6
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                                                                                                                            Start time:11:02:56
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "3634c52b-6d9d-4510-b9da-41a474bfadc9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000PPQvXIAX
                                                                                                                                                                                                                                                                                            Imagebase:0x1a691f90000
                                                                                                                                                                                                                                                                                            File size:186'408 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:9D8D50D2789C2A8D847D7953518A96F6
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                                                                                                                            Start time:11:02:56
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                                                                                                                            Start time:11:02:56
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:27
                                                                                                                                                                                                                                                                                            Start time:11:03:11
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "3d5dc085-b6e7-4fa2-ab3b-75d4e067138f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000PPQvXIAX
                                                                                                                                                                                                                                                                                            Imagebase:0x203cb290000
                                                                                                                                                                                                                                                                                            File size:186'408 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:9D8D50D2789C2A8D847D7953518A96F6
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.3378950073.00000203CB3DB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.3383065708.00000203CBBC6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:28
Start time:11:03:11
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:11:03:12
Start date:14/01/2025
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:"powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) { return } # Architecture x64 $Arch = (Get-CimInstance -Class CIM_ComputerSystem).SystemType $ArchValue = 'x64-based PC' if ($Arch -ne $ArchValue) { $IsCompatible = $false } # Screen Resolution $ScreenInfo = (Get-CimInstance -ClassName Win32_VideoController).CurrentVerticalResolution $ValueMin = 720 if ($ScreenInfo -le $ValueMin) { $IsCompatible = $false } # CPU composition $Core = (Get-CimInstance -Class CIM_Processor | Select-Object *).NumberOfCores $CoreValue = 2 $Frequency = (Get-CimInstance -Class CIM_Processor | Select-Object *).MaxClockSpeed $FrequencyValue = 1000 if (-not (($Core -ge $CoreValue) -and ($Frequency -ge $FrequencyValue))) { $IsCompatible = $false } # TPM $TPM2 = $false if ((Get-Tpm).ManufacturerVersionFull20) { $TPM2 = -not (Get-Tpm).ManufacturerVersionFull20.Contains('not supported') } if ($TPM2 -contains $false) { $IsCompatible = $false } # Secure Boot $SecureBoot = Confirm-SecureBootUEFI if ($SecureBoot -ne $true) { $IsCompatible = $false } # RAM available $Memory = (Get-CimInstance -Class CIM_ComputerSystem).TotalPhysicalMemory $SetMinMemory = 4294967296 if ($Memory -lt $SetMinMemory) { $IsCompatible = $false } # Storage available $ListDisk = Get-CimInstance -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq '3' } $SetMinSizeLimit = 64GB $DiskCompatible = $false foreach ($Disk in $ListDisk) { if ($Disk.FreeSpace -ge $SetMinSizeLimit) { $DiskCompatible = $true } } if (-not $DiskCompatible) { $IsCompatible = $false } # Output final result $IsCompatible "
Imagebase:0x7ff6e3d50000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3142586290.00000193CD440000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3144833957.00000193CE52B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:30
Start time:11:03:12
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:11:03:21
Start date:14/01/2025
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "11dde691-674b-4abc-a849-3026371a4444" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000PPQvXIAX
Imagebase:0x1991b800000
File size:57'896 bytes
MD5 hash:E9794F785780945D2DDE78520B9BB59F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Has exited:true

Target ID:32
Start time:11:03:21
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:11:03:23
Start date:14/01/2025
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun
Imagebase:0x2a4c9c20000
File size:57'896 bytes
MD5 hash:E9794F785780945D2DDE78520B9BB59F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3227864831.000002A4C9CC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3227864831.000002A4C9D01000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3227864831.000002A4C9CC8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3324055173.000002A4CA511000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3227864831.000002A4C9D4C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3323279513.000002A4C9F20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3227864831.000002A4C9CDD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3324055173.000002A4CA593000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:34
Start time:11:03:23
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:11:03:23
Start date:14/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Imagebase:0x7ff67fb90000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3297430762.000002B4165C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3297430762.000002B4165E3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000003.3214494462.000002B4166E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3297430762.000002B4165CC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000003.3296693535.000002B4165E7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3297608269.000002B4166C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:36
Start time:11:03:23
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:11:03:24
Start date:14/01/2025
Path:C:\Windows\System32\cscript.exe
Wow64 process (32bit):false
Commandline:cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Imagebase:0x7ff6b6110000
File size:161'280 bytes
MD5 hash:24590BF74BBBBFD7D7AC070F4E3C44FD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3294735494.00000273268C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            Has exited:true

Target ID:38
Start time:11:03:25
Start date:14/01/2025
Path:C:\Windows\System32\sppsvc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\sppsvc.exe
Imagebase:0x7ff799c70000
File size:4'630'384 bytes
MD5 hash:320823F03672CEB82CC3A169989ABD12
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:11:03:27
Start date:14/01/2025
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:"msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
Imagebase:0x7ff7ab500000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000003.3508232767.000001DC8F09F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000003.3467806002.000001DC8F050000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000027.00000002.3509493854.000001DC8F0A1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:40
Start time:11:03:28
Start date:14/01/2025
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 7482BF808364957C1D679E43E52AA945 E Global\MSI0000
Imagebase:0xf80000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:41
Start time:11:03:28
Start date:14/01/2025
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSIA90D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5810546 37 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Imagebase:0x7c0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000029.00000003.3258750313.0000000004691000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:42
Start time:11:03:29
Start date:14/01/2025
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSIADE0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5811859 41 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Imagebase:0x7c0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002A.00000002.3341027392.00000000042F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002A.00000003.3271716521.0000000004202000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002A.00000002.3341027392.0000000004394000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:43
                                                                                                                                                                                                                                                                                            Start time:11:03:32
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "d30aea16-8ebf-49ba-8534-a09d49b9b6b8" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000PPQvXIAX
                                                                                                                                                                                                                                                                                            Imagebase:0x1f340850000
                                                                                                                                                                                                                                                                                            File size:33'320 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:2EC1D28706B9713026E8C6814E231D7C
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:44
                                                                                                                                                                                                                                                                                            Start time:11:03:32
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            Target ID:45
                                                                                                                                                                                                                                                                                            Start time:11:03:33
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k smphost
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7403e0000
                                                                                                                                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            Target ID:46
                                                                                                                                                                                                                                                                                            Start time:11:03:36
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 374ce1d0-41ea-4bc2-9f02-9a7fae16b0f3 "25a609e0-48c4-43ea-ab9f-0e5ee31d888e" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000PPQvXIAX
                                                                                                                                                                                                                                                                                            Imagebase:0x21f600b0000
                                                                                                                                                                                                                                                                                            File size:72'744 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:67FEF41237025021CD4F792E8C24E95A
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:47
                                                                                                                                                                                                                                                                                            Start time:11:03:37
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:48
                                                                                                                                                                                                                                                                                            Start time:11:03:37
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:rundll32.exe "C:\Windows\Installer\MSICD60.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5819796 46 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                                                                                                                                                                                                                                                                                            Imagebase:0x7c0000
                                                                                                                                                                                                                                                                                            File size:61'440 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000030.00000003.3351094328.0000000004E54000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:49
                                                                                                                                                                                                                                                                                            Start time:11:03:40
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"NET" STOP AteraAgent
                                                                                                                                                                                                                                                                                            Imagebase:0x260000
                                                                                                                                                                                                                                                                                            File size:47'104 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:50
                                                                                                                                                                                                                                                                                            Start time:11:03:40
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:51
                                                                                                                                                                                                                                                                                            Start time:11:03:40
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\net1 STOP AteraAgent
                                                                                                                                                                                                                                                                                            Imagebase:0x240000
                                                                                                                                                                                                                                                                                            File size:139'776 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:52
                                                                                                                                                                                                                                                                                            Start time:11:03:40
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"TaskKill.exe" /f /im AteraAgent.exe
                                                                                                                                                                                                                                                                                            Imagebase:0x110000
                                                                                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                                                            • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3389203977.000000000323C000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:53
                                                                                                                                                                                                                                                                                            Start time:11:03:41
                                                                                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Target ID:54
                                                                                                                                                                                                                                                                                            Start time:11:03:42
Start date:14/01/2025
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
Imagebase:0x13223790000
File size:145'968 bytes
MD5 hash:477293F80461713D51A98A24023D45E8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3463290327.00007FFD342D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3462153461.000001323DD90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3457098976.00000132255E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3457098976.0000013225554000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3453146675.0000013223A37000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3456611419.0000013223B40000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3453146675.00000132239B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3453146675.00000132239EC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3453146675.0000013223A71000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3453146675.00000132239B8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3457098976.000001322557C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3457098976.00000132254D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3457098976.0000013225577000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3457098976.00000132255D8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3457098976.000001322555C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:55
Start time:11:03:49
Start date:14/01/2025
Path:C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):true
Commandline:"NET" STOP AteraAgent
Imagebase:0x260000
File size:47'104 bytes
MD5 hash:31890A7DE89936F922D44D677F681A7F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:56
Start time:11:03:49
Start date:14/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:99
Start time:11:04:28
Start date:14/01/2025
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:178
Start time:11:04:56
Start date:14/01/2025
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

No disassembly